Re: [PATCH 3/3] Keys: Make request-key create an authorisation key

From: Benoit Boissinot (bboissin_at_gmail.com)
Date: 03/31/05

Next message: Chen, Kenneth W: "RE: Industry db benchmark result on recent 2.6 kernels"

Previous message: Alan Stern: "Re: klists and struct device semaphores"
In reply to: David Howells: "[PATCH 3/3] Keys: Make request-key create an authorisation key"
Next in thread: David Howells: "[PATCH 2/3] Keys: Use RCU to manage session keyring pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Thu, 31 Mar 2005 14:50:37 -0500
To: David Howells <dhowells@redhat.com>

On Wed, 23 Mar 2005 20:52:45 +0000, David Howells <dhowells@redhat.com> wrote:
>
> The attached patch makes the following changes:
>
> (6) One of the process keyrings can be nominated as the default to which
> request_key() should attach new keys if not otherwise specified. This is
> done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_*
> constants. The current setting can also be read using this call.
>
>
> Signed-Off-By: David Howells <dhowells@redhat.com>
> ---
> @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id,
>
> /*****************************************************************************/
> /*
> + * set the default keyring in which request_key() will cache keys
> + * - return the old setting
> + */
> +long keyctl_set_reqkey_keyring(int reqkey_defl)
> +{
> + int ret;
> +
> + switch (reqkey_defl) {
> + case KEY_REQKEY_DEFL_THREAD_KEYRING:
> + ret = install_thread_keyring(current);
> + if (ret < 0)
> + return ret;
> + goto set;
> +
> + case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> + ret = install_process_keyring(current);
> + if (ret < 0)
> + return ret;
> +
> + case KEY_REQKEY_DEFL_DEFAULT:
> + case KEY_REQKEY_DEFL_SESSION_KEYRING:
> + case KEY_REQKEY_DEFL_USER_KEYRING:
> + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> + set:
> + current->jit_keyring = reqkey_defl;
> +
> + case KEY_REQKEY_DEFL_NO_CHANGE:
> + return current->jit_keyring;
> +
> + case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL__GROUP_KEYRING

> + default:
> + return -EINVAL;
> + }
> +
> +} /* end keyctl_set_reqkey_keyring() */
> +

> @@ -267,21 +294,84 @@ static struct key *request_key_construct
>
> /*****************************************************************************/
> /*
> + * link a freshly minted key to an appropriate destination keyring
> + */
> +static void request_key_link(struct key *key, struct key *dest_keyring)
> +{
> + struct task_struct *tsk = current;
> + struct key *drop = NULL;
> +
> + kenter("{%d},%p", key->serial, dest_keyring);
> +
> + /* find the appropriate keyring */
> + if (!dest_keyring) {
> + switch (tsk->jit_keyring) {
> + case KEY_REQKEY_DEFL_DEFAULT:
> + case KEY_REQKEY_DEFL_THREAD_KEYRING:
> + dest_keyring = tsk->thread_keyring;
> + if (dest_keyring)
> + break;
> +
> + case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> + dest_keyring = tsk->signal->process_keyring;
> + if (dest_keyring)
> + break;
> +
> + case KEY_REQKEY_DEFL_SESSION_KEYRING:
> + rcu_read_lock();
> + dest_keyring = key_get(
> + rcu_dereference(tsk->signal->session_keyring));
> + rcu_read_unlock();
> + drop = dest_keyring;
> +
> + if (dest_keyring)
> + break;
> +
> + case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> + dest_keyring = current->user->session_keyring;
> + break;
> +
> + case KEY_REQKEY_DEFL_USER_KEYRING:
> + dest_keyring = current->user->uid_keyring;
> + break;
> +
> + case KEY_REQKEY_DEFL_NO_CHANGE:

gcc-4 warns about this (warning: case label value is less than minimum
value for type) and it shouldn't be in jit_keyring anyway.

> + case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL_GROUP_KEYRING
> + default:
> + BUG();
> + }
> + }
> +
> + /* and attach the key to it */
> + key_link(dest_keyring, key);

patch attached.

regards,

Benoit

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

application/octet-stream attachment: keys.patch

Next message: Chen, Kenneth W: "RE: Industry db benchmark result on recent 2.6 kernels"

Previous message: Alan Stern: "Re: klists and struct device semaphores"
In reply to: David Howells: "[PATCH 3/3] Keys: Make request-key create an authorisation key"
Next in thread: David Howells: "[PATCH 2/3] Keys: Use RCU to manage session keyring pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

[patch] inotify: make our sysfs files show up
... miscdevice") this patch uses the newly attainable class_device value to ... In order to attach attributes to the class_device, ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: XFS strangeness, xfs_db out of memory
... so I'm looking for something to attach to a ... It was bk changeset 1.1803.135.5 -- I'll send you a patch off-list. ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: Software Suspend 2.0
... I made a patch against 2.6.2-rc2 to fix the rejects which hasn't seemed ... to make it to the list yet so I will attach again. ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: Linux 2.4.27-pre6: visor.c (patch)
... Forgot to attach this trivial patch... ... send the line "unsubscribe linux-kernel" in ... Please read the FAQ at http://www.tux.org/lkml/ ...
(Linux-Kernel)
Re: [parisc-linux] Re: [PATCH 3/9] mm: parisc pte atomicity
... using your own tmpalias area sounds much better than getting ... I've simply not wrapped my head around the races, ... it looks like we agree that my patch is necessary and valid as is; ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)