CRED: Wrap task credential accesses in the key management code
Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
8192b0c482
commit
47d804bfa1
|
@ -802,7 +802,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
|
|||
}
|
||||
|
||||
/* allocate a new key */
|
||||
key = key_alloc(ktype, description, current->fsuid, current->fsgid,
|
||||
key = key_alloc(ktype, description, current_fsuid(), current_fsgid(),
|
||||
current, perm, flags);
|
||||
if (IS_ERR(key)) {
|
||||
key_ref = ERR_CAST(key);
|
||||
|
|
|
@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
|
|||
down_write(&key->sem);
|
||||
|
||||
/* if we're not the sysadmin, we can only change a key that we own */
|
||||
if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
|
||||
if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
|
||||
key->perm = perm;
|
||||
ret = 0;
|
||||
}
|
||||
|
|
|
@ -77,7 +77,7 @@ static int call_sbin_request_key(struct key_construction *cons,
|
|||
/* allocate a new session keyring */
|
||||
sprintf(desc, "_req.%u", key->serial);
|
||||
|
||||
keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
|
||||
keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
|
||||
KEY_ALLOC_QUOTA_OVERRUN, NULL);
|
||||
if (IS_ERR(keyring)) {
|
||||
ret = PTR_ERR(keyring);
|
||||
|
@ -90,8 +90,8 @@ static int call_sbin_request_key(struct key_construction *cons,
|
|||
goto error_link;
|
||||
|
||||
/* record the UID and GID */
|
||||
sprintf(uid_str, "%d", current->fsuid);
|
||||
sprintf(gid_str, "%d", current->fsgid);
|
||||
sprintf(uid_str, "%d", current_fsuid());
|
||||
sprintf(gid_str, "%d", current_fsgid());
|
||||
|
||||
/* we say which key is under construction */
|
||||
sprintf(key_str, "%d", key->serial);
|
||||
|
@ -279,7 +279,7 @@ static int construct_alloc_key(struct key_type *type,
|
|||
mutex_lock(&user->cons_lock);
|
||||
|
||||
key = key_alloc(type, description,
|
||||
current->fsuid, current->fsgid, current, KEY_POS_ALL,
|
||||
current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
|
||||
flags);
|
||||
if (IS_ERR(key))
|
||||
goto alloc_failed;
|
||||
|
@ -342,7 +342,7 @@ static struct key *construct_key_and_link(struct key_type *type,
|
|||
struct key *key;
|
||||
int ret;
|
||||
|
||||
user = key_user_lookup(current->fsuid);
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
|
|
|
@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
|
|||
sprintf(desc, "%x", target->serial);
|
||||
|
||||
authkey = key_alloc(&key_type_request_key_auth, desc,
|
||||
current->fsuid, current->fsgid, current,
|
||||
current_fsuid(), current_fsgid(), current,
|
||||
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
|
||||
KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
|
||||
if (IS_ERR(authkey)) {
|
||||
|
|
Loading…
Reference in New Issue
Block a user