On Wed, 23 Mar 2005 20:52:45 +0000, David Howells <[email protected]> wrote: > > The attached patch makes the following changes: > > (6) One of the process keyrings can be nominated as the default to which > request_key() should attach new keys if not otherwise specified. This is > done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_* > constants. The current setting can also be read using this call. > > > Signed-Off-By: David Howells <[email protected]> > --- > @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id, > > /*****************************************************************************/ > /* > + * set the default keyring in which request_key() will cache keys > + * - return the old setting > + */ > +long keyctl_set_reqkey_keyring(int reqkey_defl) > +{ > + int ret; > + > + switch (reqkey_defl) { > + case KEY_REQKEY_DEFL_THREAD_KEYRING: > + ret = install_thread_keyring(current); > + if (ret < 0) > + return ret; > + goto set; > + > + case KEY_REQKEY_DEFL_PROCESS_KEYRING: > + ret = install_process_keyring(current); > + if (ret < 0) > + return ret; > + > + case KEY_REQKEY_DEFL_DEFAULT: > + case KEY_REQKEY_DEFL_SESSION_KEYRING: > + case KEY_REQKEY_DEFL_USER_KEYRING: > + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: > + set: > + current->jit_keyring = reqkey_defl; > + > + case KEY_REQKEY_DEFL_NO_CHANGE: > + return current->jit_keyring; > + > + case KEY_SPEC_GROUP_KEYRING: KEY_REQKEY_DEFL__GROUP_KEYRING > + default: > + return -EINVAL; > + } > + > +} /* end keyctl_set_reqkey_keyring() */ > + > @@ -267,21 +294,84 @@ static struct key *request_key_construct > > /*****************************************************************************/ > /* > + * link a freshly minted key to an appropriate destination keyring > + */ > +static void request_key_link(struct key *key, struct key *dest_keyring) > +{ > + struct task_struct *tsk = current; > + struct key *drop = NULL; > + > + kenter("{%d},%p", key->serial, dest_keyring); > + > + /* find the appropriate keyring */ > + if (!dest_keyring) { > + switch (tsk->jit_keyring) { > + case KEY_REQKEY_DEFL_DEFAULT: > + case KEY_REQKEY_DEFL_THREAD_KEYRING: > + dest_keyring = tsk->thread_keyring; > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_PROCESS_KEYRING: > + dest_keyring = tsk->signal->process_keyring; > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_SESSION_KEYRING: > + rcu_read_lock(); > + dest_keyring = key_get( > + rcu_dereference(tsk->signal->session_keyring)); > + rcu_read_unlock(); > + drop = dest_keyring; > + > + if (dest_keyring) > + break; > + > + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: > + dest_keyring = current->user->session_keyring; > + break; > + > + case KEY_REQKEY_DEFL_USER_KEYRING: > + dest_keyring = current->user->uid_keyring; > + break; > + > + case KEY_REQKEY_DEFL_NO_CHANGE: gcc-4 warns about this (warning: case label value is less than minimum value for type) and it shouldn't be in jit_keyring anyway. > + case KEY_SPEC_GROUP_KEYRING: KEY_REQKEY_DEFL_GROUP_KEYRING > + default: > + BUG(); > + } > + } > + > + /* and attach the key to it */ > + key_link(dest_keyring, key); patch attached. regards, Benoit
Attachment:
keys.patch
Description: Binary data
- References:
- [PATCH 1/3] Keys: Pass session keyring to call_usermodehelper()
- From: David Howells <[email protected]>
- [PATCH 3/3] Keys: Make request-key create an authorisation key
- From: David Howells <[email protected]>
- [PATCH 1/3] Keys: Pass session keyring to call_usermodehelper()
- Prev by Date: Re: klists and struct device semaphores
- Next by Date: RE: Industry db benchmark result on recent 2.6 kernels
- Previous by thread: [PATCH 3/3] Keys: Make request-key create an authorisation key
- Next by thread: [PATCH] Keys: Fix request_key default keyring handling
- Index(es):