diff options
author | Arun Raghavan <arunsr@cse.iitk.ac.in> | 2008-04-29 01:01:28 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 08:06:16 -0700 |
commit | 6b79ccb5144f9ffb4d4596c23e7570238dd12abc (patch) | |
tree | e674339e9f86c3607304496792b417b0ed66de6f | |
parent | da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e (diff) | |
download | linux-6b79ccb5144f9ffb4d4596c23e7570238dd12abc.tar.gz linux-6b79ccb5144f9ffb4d4596c23e7570238dd12abc.tar.bz2 linux-6b79ccb5144f9ffb4d4596c23e7570238dd12abc.zip |
keys: allow clients to set key perms in key_create_or_update()
The key_create_or_update() function provided by the keyring code has a default
set of permissions that are always applied to the key when created. This
might not be desirable to all clients.
Here's a patch that adds a "perm" parameter to the function to address this,
which can be set to KEY_PERM_UNDEF to revert to the current behaviour.
Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | include/linux/key.h | 3 | ||||
-rw-r--r-- | security/keys/key.c | 18 | ||||
-rw-r--r-- | security/keys/keyctl.c | 3 |
3 files changed, 15 insertions, 9 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 163f864b6bd4..8b0bd3393abc 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -67,6 +67,8 @@ struct key; #define KEY_OTH_SETATTR 0x00000020 #define KEY_OTH_ALL 0x0000003f +#define KEY_PERM_UNDEF 0xffffffff + struct seq_file; struct user_struct; struct signal_struct; @@ -232,6 +234,7 @@ extern key_ref_t key_create_or_update(key_ref_t keyring, const char *description, const void *payload, size_t plen, + key_perm_t perm, unsigned long flags); extern int key_update(key_ref_t key, diff --git a/security/keys/key.c b/security/keys/key.c index 654d23baf352..d98c61953be6 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -757,11 +757,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, const char *description, const void *payload, size_t plen, + key_perm_t perm, unsigned long flags) { struct key_type *ktype; struct key *keyring, *key = NULL; - key_perm_t perm; key_ref_t key_ref; int ret; @@ -806,15 +806,17 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto found_matching_key; } - /* decide on the permissions we want */ - perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; - perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; + /* if the client doesn't provide, decide on the permissions we want */ + if (perm == KEY_PERM_UNDEF) { + perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; + perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; - if (ktype->read) - perm |= KEY_POS_READ | KEY_USR_READ; + if (ktype->read) + perm |= KEY_POS_READ | KEY_USR_READ; - if (ktype == &key_type_keyring || ktype->update) - perm |= KEY_USR_WRITE; + if (ktype == &key_type_keyring || ktype->update) + perm |= KEY_USR_WRITE; + } /* allocate a new key */ key = key_alloc(ktype, description, current->fsuid, current->fsgid, diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 56e963b700b9..993be634a5ef 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -112,7 +112,8 @@ asmlinkage long sys_add_key(const char __user *_type, /* create or update the requested key and add it to the target * keyring */ key_ref = key_create_or_update(keyring_ref, type, description, - payload, plen, KEY_ALLOC_IN_QUOTA); + payload, plen, KEY_PERM_UNDEF, + KEY_ALLOC_IN_QUOTA); if (!IS_ERR(key_ref)) { ret = key_ref_to_ptr(key_ref)->serial; key_ref_put(key_ref); |