keyctl.c (8bbf4976b59fc9fc2861e79cab7beb3f6d647640) keyctl.c (b6dff3ec5e116e3af6f537d4caedcad6b9e5082a)
1/* keyctl.c: userspace keyctl operations
2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version

--- 875 unchanged lines hidden (view full) ---

884
885 ret = -EINVAL;
886 if (plen > 1024 * 1024 - 1)
887 goto error;
888
889 /* the appropriate instantiation authorisation key must have been
890 * assumed before calling this */
891 ret = -EPERM;
1/* keyctl.c: userspace keyctl operations
2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version

--- 875 unchanged lines hidden (view full) ---

884
885 ret = -EINVAL;
886 if (plen > 1024 * 1024 - 1)
887 goto error;
888
889 /* the appropriate instantiation authorisation key must have been
890 * assumed before calling this */
891 ret = -EPERM;
892 instkey = current->request_key_auth;
892 instkey = current->cred->request_key_auth;
893 if (!instkey)
894 goto error;
895
896 rka = instkey->payload.data;
897 if (rka->target_key->serial != id)
898 goto error;
899
900 /* pull the payload in if one was supplied */

--- 26 unchanged lines hidden (view full) ---

927 ret = key_instantiate_and_link(rka->target_key, payload, plen,
928 dest_keyring, instkey);
929
930 key_put(dest_keyring);
931
932 /* discard the assumed authority if it's just been disabled by
933 * instantiation of the key */
934 if (ret == 0) {
893 if (!instkey)
894 goto error;
895
896 rka = instkey->payload.data;
897 if (rka->target_key->serial != id)
898 goto error;
899
900 /* pull the payload in if one was supplied */

--- 26 unchanged lines hidden (view full) ---

927 ret = key_instantiate_and_link(rka->target_key, payload, plen,
928 dest_keyring, instkey);
929
930 key_put(dest_keyring);
931
932 /* discard the assumed authority if it's just been disabled by
933 * instantiation of the key */
934 if (ret == 0) {
935 key_put(current->request_key_auth);
936 current->request_key_auth = NULL;
935 key_put(current->cred->request_key_auth);
936 current->cred->request_key_auth = NULL;
937 }
938
939error2:
940 if (!vm)
941 kfree(payload);
942 else
943 vfree(payload);
944error:

--- 10 unchanged lines hidden (view full) ---

955{
956 struct request_key_auth *rka;
957 struct key *instkey, *dest_keyring;
958 long ret;
959
960 /* the appropriate instantiation authorisation key must have been
961 * assumed before calling this */
962 ret = -EPERM;
937 }
938
939error2:
940 if (!vm)
941 kfree(payload);
942 else
943 vfree(payload);
944error:

--- 10 unchanged lines hidden (view full) ---

955{
956 struct request_key_auth *rka;
957 struct key *instkey, *dest_keyring;
958 long ret;
959
960 /* the appropriate instantiation authorisation key must have been
961 * assumed before calling this */
962 ret = -EPERM;
963 instkey = current->request_key_auth;
963 instkey = current->cred->request_key_auth;
964 if (!instkey)
965 goto error;
966
967 rka = instkey->payload.data;
968 if (rka->target_key->serial != id)
969 goto error;
970
971 /* find the destination keyring if present (which must also be

--- 6 unchanged lines hidden (view full) ---

978 ret = key_negate_and_link(rka->target_key, timeout,
979 dest_keyring, instkey);
980
981 key_put(dest_keyring);
982
983 /* discard the assumed authority if it's just been disabled by
984 * instantiation of the key */
985 if (ret == 0) {
964 if (!instkey)
965 goto error;
966
967 rka = instkey->payload.data;
968 if (rka->target_key->serial != id)
969 goto error;
970
971 /* find the destination keyring if present (which must also be

--- 6 unchanged lines hidden (view full) ---

978 ret = key_negate_and_link(rka->target_key, timeout,
979 dest_keyring, instkey);
980
981 key_put(dest_keyring);
982
983 /* discard the assumed authority if it's just been disabled by
984 * instantiation of the key */
985 if (ret == 0) {
986 key_put(current->request_key_auth);
987 current->request_key_auth = NULL;
986 key_put(current->cred->request_key_auth);
987 current->cred->request_key_auth = NULL;
988 }
989
990error:
991 return ret;
992
993} /* end keyctl_negate_key() */
994
995/*****************************************************************************/
996/*
997 * set the default keyring in which request_key() will cache keys
998 * - return the old setting
999 */
1000long keyctl_set_reqkey_keyring(int reqkey_defl)
1001{
988 }
989
990error:
991 return ret;
992
993} /* end keyctl_negate_key() */
994
995/*****************************************************************************/
996/*
997 * set the default keyring in which request_key() will cache keys
998 * - return the old setting
999 */
1000long keyctl_set_reqkey_keyring(int reqkey_defl)
1001{
1002 struct cred *cred = current->cred;
1002 int ret;
1003
1004 switch (reqkey_defl) {
1005 case KEY_REQKEY_DEFL_THREAD_KEYRING:
1006 ret = install_thread_keyring();
1007 if (ret < 0)
1008 return ret;
1009 goto set;
1010
1011 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
1012 ret = install_process_keyring();
1013 if (ret < 0)
1014 return ret;
1015
1016 case KEY_REQKEY_DEFL_DEFAULT:
1017 case KEY_REQKEY_DEFL_SESSION_KEYRING:
1018 case KEY_REQKEY_DEFL_USER_KEYRING:
1019 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
1020 set:
1003 int ret;
1004
1005 switch (reqkey_defl) {
1006 case KEY_REQKEY_DEFL_THREAD_KEYRING:
1007 ret = install_thread_keyring();
1008 if (ret < 0)
1009 return ret;
1010 goto set;
1011
1012 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
1013 ret = install_process_keyring();
1014 if (ret < 0)
1015 return ret;
1016
1017 case KEY_REQKEY_DEFL_DEFAULT:
1018 case KEY_REQKEY_DEFL_SESSION_KEYRING:
1019 case KEY_REQKEY_DEFL_USER_KEYRING:
1020 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
1021 set:
1021 current->jit_keyring = reqkey_defl;
1022 cred->jit_keyring = reqkey_defl;
1022
1023 case KEY_REQKEY_DEFL_NO_CHANGE:
1023
1024 case KEY_REQKEY_DEFL_NO_CHANGE:
1024 return current->jit_keyring;
1025 return cred->jit_keyring;
1025
1026 case KEY_REQKEY_DEFL_GROUP_KEYRING:
1027 default:
1028 return -EINVAL;
1029 }
1030
1031} /* end keyctl_set_reqkey_keyring() */
1032

--- 48 unchanged lines hidden (view full) ---

1081
1082 /* special key IDs aren't permitted */
1083 ret = -EINVAL;
1084 if (id < 0)
1085 goto error;
1086
1087 /* we divest ourselves of authority if given an ID of 0 */
1088 if (id == 0) {
1026
1027 case KEY_REQKEY_DEFL_GROUP_KEYRING:
1028 default:
1029 return -EINVAL;
1030 }
1031
1032} /* end keyctl_set_reqkey_keyring() */
1033

--- 48 unchanged lines hidden (view full) ---

1082
1083 /* special key IDs aren't permitted */
1084 ret = -EINVAL;
1085 if (id < 0)
1086 goto error;
1087
1088 /* we divest ourselves of authority if given an ID of 0 */
1089 if (id == 0) {
1089 key_put(current->request_key_auth);
1090 current->request_key_auth = NULL;
1090 key_put(current->cred->request_key_auth);
1091 current->cred->request_key_auth = NULL;
1091 ret = 0;
1092 goto error;
1093 }
1094
1095 /* attempt to assume the authority temporarily granted to us whilst we
1096 * instantiate the specified key
1097 * - the authorisation key must be in the current task's keyrings
1098 * somewhere
1099 */
1100 authkey = key_get_instantiation_authkey(id);
1101 if (IS_ERR(authkey)) {
1102 ret = PTR_ERR(authkey);
1103 goto error;
1104 }
1105
1092 ret = 0;
1093 goto error;
1094 }
1095
1096 /* attempt to assume the authority temporarily granted to us whilst we
1097 * instantiate the specified key
1098 * - the authorisation key must be in the current task's keyrings
1099 * somewhere
1100 */
1101 authkey = key_get_instantiation_authkey(id);
1102 if (IS_ERR(authkey)) {
1103 ret = PTR_ERR(authkey);
1104 goto error;
1105 }
1106
1106 key_put(current->request_key_auth);
1107 current->request_key_auth = authkey;
1107 key_put(current->cred->request_key_auth);
1108 current->cred->request_key_auth = authkey;
1108 ret = authkey->serial;
1109
1110error:
1111 return ret;
1112
1113} /* end keyctl_assume_authority() */
1114
1115/*

--- 149 unchanged lines hidden ---
1109 ret = authkey->serial;
1110
1111error:
1112 return ret;
1113
1114} /* end keyctl_assume_authority() */
1115
1116/*

--- 149 unchanged lines hidden ---
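Review bot: In keyctl_assume_authority() (new lines 1107-1108), `key_put(current->cred->request_key_auth);` runs before the field is overwritten, so the cred briefly holds a pointer whose reference has already been dropped; the same put-then-assign order appears at new lines 935-936, 986-987 and 1090-1091. This was presumably harmless while the field sat directly in the task, but these hunks do not show whether a `struct cred` can be reached by anything other than the current task, and if it can, a reader in that window could follow a stale key pointer. Publishing the new value before dropping the old reference closes the window, using a local `struct key *old`: `old = current->cred->request_key_auth; current->cred->request_key_auth = authkey; key_put(old);`. If the cred is guaranteed private to the task here, a comment such as `/* cred is private to current; nothing else reads request_key_auth */` would record that assumption for later changes. The function bodies start outside the visible lines, so any locking taken earlier is not shown.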