Re: [PATCH 3/3] Keys: Make request-key create an authorisation key

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Benoit Boissinot <bboissin@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@osdl.org,
	Michael A Halcrow <mahalcro@us.ibm.com>,
	Trond Myklebust <trond.myklebust@fys.uio.no>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] Keys: Make request-key create an authorisation key
Date: Thu, 31 Mar 2005 14:50:37 -0500	[thread overview]
Message-ID: <40f323d0050331115016b707f1@mail.gmail.com> (raw)
In-Reply-To: <29760.1111611165@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 4070 bytes --]

On Wed, 23 Mar 2005 20:52:45 +0000, David Howells <dhowells@redhat.com> wrote:
> 
> The attached patch makes the following changes:
> 
>  (6) One of the process keyrings can be nominated as the default to which
>      request_key() should attach new keys if not otherwise specified. This is
>      done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_*
>      constants. The current setting can also be read using this call.
> 
> 
> Signed-Off-By: David Howells <dhowells@redhat.com>
> ---
> @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id,
> 
>  /*****************************************************************************/
>  /*
> + * set the default keyring in which request_key() will cache keys
> + * - return the old setting
> + */
> +long keyctl_set_reqkey_keyring(int reqkey_defl)
> +{
> +       int ret;
> +
> +       switch (reqkey_defl) {
> +       case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +               ret = install_thread_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +               goto set;
> +
> +       case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +               ret = install_process_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +
> +       case KEY_REQKEY_DEFL_DEFAULT:
> +       case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +       set:
> +               current->jit_keyring = reqkey_defl;
> +
> +       case KEY_REQKEY_DEFL_NO_CHANGE:
> +               return current->jit_keyring;
> +
> +       case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL__GROUP_KEYRING

> +       default:
> +               return -EINVAL;
> +       }
> +
> +} /* end keyctl_set_reqkey_keyring() */
> +

> @@ -267,21 +294,84 @@ static struct key *request_key_construct
> 
>  /*****************************************************************************/
>  /*
> + * link a freshly minted key to an appropriate destination keyring
> + */
> +static void request_key_link(struct key *key, struct key *dest_keyring)
> +{
> +       struct task_struct *tsk = current;
> +       struct key *drop = NULL;
> +
> +       kenter("{%d},%p", key->serial, dest_keyring);
> +
> +       /* find the appropriate keyring */
> +       if (!dest_keyring) {
> +               switch (tsk->jit_keyring) {
> +               case KEY_REQKEY_DEFL_DEFAULT:
> +               case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +                       dest_keyring = tsk->thread_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +                       dest_keyring = tsk->signal->process_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +                       rcu_read_lock();
> +                       dest_keyring = key_get(
> +                               rcu_dereference(tsk->signal->session_keyring));
> +                       rcu_read_unlock();
> +                       drop = dest_keyring;
> +
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +                       dest_keyring = current->user->session_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_USER_KEYRING:
> +                       dest_keyring = current->user->uid_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_NO_CHANGE:

gcc-4 warns about this (warning: case label value is less than minimum
value for type) and it shouldn't be in jit_keyring anyway.

> +               case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL_GROUP_KEYRING
> +               default:
> +                       BUG();
> +               }
> +       }
> +
> +       /* and attach the key to it */
> +       key_link(dest_keyring, key);

patch attached.

regards,

Benoit

[-- Attachment #2: keys.patch --]
[-- Type: application/octet-stream, Size: 832 bytes --]

Signed-Off-By: Benoit Boissinot <benoit.boissinot@ens-lyon.org>

--- ./security/keys/request_key.c.orig	2005-03-31 21:23:43.000000000 +0200
+++ ./security/keys/request_key.c	2005-03-31 21:41:03.000000000 +0200
@@ -335,8 +335,7 @@ static void request_key_link(struct key 
 			dest_keyring = current->user->uid_keyring;
 			break;
 
-		case KEY_REQKEY_DEFL_NO_CHANGE:
-		case KEY_SPEC_GROUP_KEYRING:
+		case KEY_REQKEY_DEFL_GROUP_KEYRING:
 		default:
 			BUG();
 		}
--- ./security/keys/keyctl.c.orig	2005-03-31 21:41:35.000000000 +0200
+++ ./security/keys/keyctl.c	2005-03-31 21:42:01.000000000 +0200
@@ -951,7 +951,7 @@ long keyctl_set_reqkey_keyring(int reqke
 	case KEY_REQKEY_DEFL_NO_CHANGE:
 		return current->jit_keyring;
 
-	case KEY_SPEC_GROUP_KEYRING:
+	case KEY_REQKEY_DEFL_GROUP_KEYRING:
 	default:
 		return -EINVAL;
 	}

next prev parent reply	other threads:[~2005-03-31 19:51 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-23 20:14 [PATCH 1/3] Keys: Pass session keyring to call_usermodehelper() David Howells
2005-03-23 20:19 ` [PATCH 2/3] Keys: Use RCU to manage session keyring pointer David Howells
2005-03-23 21:07   ` Andrew Morton
2005-03-23 21:28     ` David Howells
2005-03-23 20:52 ` [PATCH 3/3] Keys: Make request-key create an authorisation key David Howells
2005-03-24 11:41   ` [PATCH 3/3] Keys: Make request-key create an authorisation key [try #2] David Howells
2005-03-31 19:50   ` Benoit Boissinot [this message]
2005-04-01 15:30     ` [PATCH] Keys: Fix request_key default keyring handling David Howells
2005-03-23 20:55 ` [PATCH 2/3] Keys: Use RCU to manage session keyring pointer David Howells
2005-04-11 22:45   ` Paul E. McKenney
2005-04-12  9:11     ` David Howells
2005-04-12 14:50       ` Paul E. McKenney
2005-03-23 21:06 ` [PATCH 1/3] Keys: Pass session keyring to call_usermodehelper() Andrew Morton
2005-03-23 21:26   ` David Howells
2005-03-23 22:34     ` Andrew Morton
2005-03-23 22:49       ` David Howells
2005-03-24  0:58       ` Kyle Moffett
2005-03-23 22:25   ` Mike Waychison
2005-03-24 11:38 ` [PATCH 1/3] Keys: Pass session keyring to call_usermodehelper() [try #2] David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40f323d0050331115016b707f1@mail.gmail.com \
    --to=bboissin@gmail.com \
    --cc=akpm@osdl.org \
    --cc=dhowells@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mahalcro@us.ibm.com \
    --cc=torvalds@osdl.org \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox