From: Benoit Boissinot <bboissin@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@osdl.org,
	Michael A Halcrow <mahalcro@us.ibm.com>,
	Trond Myklebust <trond.myklebust@fys.uio.no>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] Keys: Make request-key create an authorisation key
Date: Thu, 31 Mar 2005 14:50:37 -0500	[thread overview]
Message-ID: <40f323d0050331115016b707f1@mail.gmail.com> (raw)
In-Reply-To: <29760.1111611165@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 4070 bytes --]

On Wed, 23 Mar 2005 20:52:45 +0000, David Howells <dhowells@redhat.com> wrote:
> 
> The attached patch makes the following changes:
> 
>  (6) One of the process keyrings can be nominated as the default to which
>      request_key() should attach new keys if not otherwise specified. This is
>      done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_*
>      constants. The current setting can also be read using this call.
> 
> 
> Signed-Off-By: David Howells <dhowells@redhat.com>
> ---
> @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id,
> 
>  /*****************************************************************************/
>  /*
> + * set the default keyring in which request_key() will cache keys
> + * - return the old setting
> + */
> +long keyctl_set_reqkey_keyring(int reqkey_defl)
> +{
> +       int ret;
> +
> +       switch (reqkey_defl) {
> +       case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +               ret = install_thread_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +               goto set;
> +
> +       case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +               ret = install_process_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +
> +       case KEY_REQKEY_DEFL_DEFAULT:
> +       case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +       set:
> +               current->jit_keyring = reqkey_defl;
> +
> +       case KEY_REQKEY_DEFL_NO_CHANGE:
> +               return current->jit_keyring;
> +
> +       case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL_GROUP_KEYRING

> +       default:
> +               return -EINVAL;
> +       }
> +
> +} /* end keyctl_set_reqkey_keyring() */
> +

> @@ -267,21 +294,84 @@ static struct key *request_key_construct
> 
>  /*****************************************************************************/
>  /*
> + * link a freshly minted key to an appropriate destination keyring
> + */
> +static void request_key_link(struct key *key, struct key *dest_keyring)
> +{
> +       struct task_struct *tsk = current;
> +       struct key *drop = NULL;
> +
> +       kenter("{%d},%p", key->serial, dest_keyring);
> +
> +       /* find the appropriate keyring */
> +       if (!dest_keyring) {
> +               switch (tsk->jit_keyring) {
> +               case KEY_REQKEY_DEFL_DEFAULT:
> +               case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +                       dest_keyring = tsk->thread_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +                       dest_keyring = tsk->signal->process_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +                       rcu_read_lock();
> +                       dest_keyring = key_get(
> +                               rcu_dereference(tsk->signal->session_keyring));
> +                       rcu_read_unlock();
> +                       drop = dest_keyring;
> +
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +                       dest_keyring = current->user->session_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_USER_KEYRING:
> +                       dest_keyring = current->user->uid_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_NO_CHANGE:

gcc-4 warns about this (warning: case label value is less than minimum
value for type) and it shouldn't be in jit_keyring anyway.

> +               case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL_GROUP_KEYRING
> +               default:
> +                       BUG();
> +               }
> +       }
> +
> +       /* and attach the key to it */
> +       key_link(dest_keyring, key);

patch attached.

regards,

Benoit

[-- Attachment #2: keys.patch --]
[-- Type: application/octet-stream, Size: 832 bytes --]

Signed-Off-By: Benoit Boissinot <benoit.boissinot@ens-lyon.org>

--- ./security/keys/request_key.c.orig	2005-03-31 21:23:43.000000000 +0200
+++ ./security/keys/request_key.c	2005-03-31 21:41:03.000000000 +0200
@@ -335,8 +335,7 @@ static void request_key_link(struct key 
 			dest_keyring = current->user->uid_keyring;
 			break;
 
-		case KEY_REQKEY_DEFL_NO_CHANGE:
-		case KEY_SPEC_GROUP_KEYRING:
+		case KEY_REQKEY_DEFL_GROUP_KEYRING:
 		default:
 			BUG();
 		}
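Review bot: With the `KEY_REQKEY_DEFL_NO_CHANGE` label removed, nothing at this switch says why `default: BUG();` is unreachable, and that matters because the switched value is per-task state that a keyctl call sets. The quoted keyctl_set_reqkey_keyring() stores `reqkey_defl` only after matching it against the accepted constants, so the invariant appears to hold, but any later writer of `jit_keyring` that skips that validation would turn a bad value into a kernel oops here. I would record the invariant above the label, e.g. `/* jit_keyring is validated in keyctl_set_reqkey_keyring(); anything else is a kernel bug */`. request_key_link() starts and ends outside the hunk, so other writers of the field are not visible from here.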
--- ./security/keys/keyctl.c.orig	2005-03-31 21:41:35.000000000 +0200
+++ ./security/keys/keyctl.c	2005-03-31 21:42:01.000000000 +0200
@@ -951,7 +951,7 @@ long keyctl_set_reqkey_keyring(int reqke
 	case KEY_REQKEY_DEFL_NO_CHANGE:
 		return current->jit_keyring;
 
-	case KEY_SPEC_GROUP_KEYRING:
+	case KEY_REQKEY_DEFL_GROUP_KEYRING:
 	default:
 		return -EINVAL;
 	}
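Review bot: The `case KEY_REQKEY_DEFL_GROUP_KEYRING:` label sits directly on `default:`, so it changes nothing for the compiler and serves only as documentation that this constant is rejected on purpose. A short comment would make that explicit, e.g. `/* group keyring cannot be selected as the default destination: reject */`; the reason is presumably that group keyrings are not implemented, which the hunk does not show. Returning -EINVAL before anything is stored is the right order, since the consumer in request_key_link() calls BUG() on any value it does not handle. The function body starts outside the hunk.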
