Commit 47d804bf authored by David Howells's avatar David Howells Committed by James Morris

CRED: Wrap task credential accesses in the key management code

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 8192b0c4
...@@ -802,7 +802,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, ...@@ -802,7 +802,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
} }
/* allocate a new key */ /* allocate a new key */
key = key_alloc(ktype, description, current->fsuid, current->fsgid, key = key_alloc(ktype, description, current_fsuid(), current_fsgid(),
current, perm, flags); current, perm, flags);
if (IS_ERR(key)) { if (IS_ERR(key)) {
key_ref = ERR_CAST(key); key_ref = ERR_CAST(key);
......
...@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) ...@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
down_write(&key->sem); down_write(&key->sem);
/* if we're not the sysadmin, we can only change a key that we own */ /* if we're not the sysadmin, we can only change a key that we own */
if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
key->perm = perm; key->perm = perm;
ret = 0; ret = 0;
} }
......
...@@ -77,7 +77,7 @@ static int call_sbin_request_key(struct key_construction *cons, ...@@ -77,7 +77,7 @@ static int call_sbin_request_key(struct key_construction *cons,
/* allocate a new session keyring */ /* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial); sprintf(desc, "_req.%u", key->serial);
keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
KEY_ALLOC_QUOTA_OVERRUN, NULL); KEY_ALLOC_QUOTA_OVERRUN, NULL);
if (IS_ERR(keyring)) { if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring); ret = PTR_ERR(keyring);
...@@ -90,8 +90,8 @@ static int call_sbin_request_key(struct key_construction *cons, ...@@ -90,8 +90,8 @@ static int call_sbin_request_key(struct key_construction *cons,
goto error_link; goto error_link;
/* record the UID and GID */ /* record the UID and GID */
sprintf(uid_str, "%d", current->fsuid); sprintf(uid_str, "%d", current_fsuid());
sprintf(gid_str, "%d", current->fsgid); sprintf(gid_str, "%d", current_fsgid());
/* we say which key is under construction */ /* we say which key is under construction */
sprintf(key_str, "%d", key->serial); sprintf(key_str, "%d", key->serial);
...@@ -279,7 +279,7 @@ static int construct_alloc_key(struct key_type *type, ...@@ -279,7 +279,7 @@ static int construct_alloc_key(struct key_type *type,
mutex_lock(&user->cons_lock); mutex_lock(&user->cons_lock);
key = key_alloc(type, description, key = key_alloc(type, description,
current->fsuid, current->fsgid, current, KEY_POS_ALL, current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
flags); flags);
if (IS_ERR(key)) if (IS_ERR(key))
goto alloc_failed; goto alloc_failed;
...@@ -342,7 +342,7 @@ static struct key *construct_key_and_link(struct key_type *type, ...@@ -342,7 +342,7 @@ static struct key *construct_key_and_link(struct key_type *type,
struct key *key; struct key *key;
int ret; int ret;
user = key_user_lookup(current->fsuid); user = key_user_lookup(current_fsuid());
if (!user) if (!user)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
......
...@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, ...@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
sprintf(desc, "%x", target->serial); sprintf(desc, "%x", target->serial);
authkey = key_alloc(&key_type_request_key_auth, desc, authkey = key_alloc(&key_type_request_key_auth, desc,
current->fsuid, current->fsgid, current, current_fsuid(), current_fsgid(), current,
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
if (IS_ERR(authkey)) { if (IS_ERR(authkey)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment