]> bbs.cooldavid.org Git - net-next-2.6.git/blobdiff - security/keys/request_key_auth.c
git://bbs.cooldavid.org / net-next-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CRED: Inaugurate COW credentials
[net-next-2.6.git] / security / keys / request_key_auth.c
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 2125579d5d73447bd6959098a75fd61230fe6893..86747151ee5b680ea1591bfb00aed4475e104f5f 100644 (file)
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key)
 
        kenter("{%d}", key->serial);
 
-       if (rka->context) {
-               put_task_struct(rka->context);
-               rka->context = NULL;
+       if (rka->cred) {
+               put_cred(rka->cred);
+               rka->cred = NULL;
        }
 
 } /* end request_key_auth_revoke() */
@@ -122,9 +122,9 @@ static void request_key_auth_destroy(struct key *key)
 
        kenter("{%d}", key->serial);
 
-       if (rka->context) {
-               put_task_struct(rka->context);
-               rka->context = NULL;
+       if (rka->cred) {
+               put_cred(rka->cred);
+               rka->cred = NULL;
        }
 
        key_put(rka->target_key);
@@ -143,6 +143,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
                                 size_t callout_len, struct key *dest_keyring)
 {
        struct request_key_auth *rka, *irka;
+       const struct cred *cred = current->cred;
        struct key *authkey = NULL;
        char desc[20];
        int ret;
@@ -164,28 +165,25 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
 
        /* see if the calling process is already servicing the key request of
         * another process */
-       if (current->cred->request_key_auth) {
+       if (cred->request_key_auth) {
                /* it is - use that instantiation context here too */
-               down_read(&current->cred->request_key_auth->sem);
+               down_read(&cred->request_key_auth->sem);
 
                /* if the auth key has been revoked, then the key we're
                 * servicing is already instantiated */
-               if (test_bit(KEY_FLAG_REVOKED,
-                            &current->cred->request_key_auth->flags))
+               if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags))
                        goto auth_key_revoked;
 
-               irka = current->cred->request_key_auth->payload.data;
-               rka->context = irka->context;
+               irka = cred->request_key_auth->payload.data;
+               rka->cred = get_cred(irka->cred);
                rka->pid = irka->pid;
-               get_task_struct(rka->context);
 
-               up_read(&current->cred->request_key_auth->sem);
+               up_read(&cred->request_key_auth->sem);
        }
        else {
                /* it isn't - use this process as the context */
-               rka->context = current;
+               rka->cred = get_cred(cred);
                rka->pid = current->pid;
-               get_task_struct(rka->context);
        }
 
        rka->target_key = key_get(target);
@@ -197,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
        sprintf(desc, "%x", target->serial);
 
        authkey = key_alloc(&key_type_request_key_auth, desc,
-                           current_fsuid(), current_fsgid(), current,
+                           cred->fsuid, cred->fsgid, cred,
                            KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
                            KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
        if (IS_ERR(authkey)) {
@@ -205,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
                goto error_alloc;
        }
 
-       /* construct and attach to the keyring */
+       /* construct the auth key */
        ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
        if (ret < 0)
                goto error_inst;
 
-       kleave(" = {%d}", authkey->serial);
+       kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage));
        return authkey;
 
 auth_key_revoked:
-       up_read(&current->cred->request_key_auth->sem);
+       up_read(&cred->request_key_auth->sem);
        kfree(rka->callout_info);
        kfree(rka);
        kleave("= -EKEYREVOKED");
@@ -257,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key,
  */
 struct key *key_get_instantiation_authkey(key_serial_t target_id)
 {
+       const struct cred *cred = current_cred();
        struct key *authkey;
        key_ref_t authkey_ref;
 
@@ -264,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
                &key_type_request_key_auth,
                (void *) (unsigned long) target_id,
                key_get_instantiation_authkey_match,
-               current);
+               cred);
 
        if (IS_ERR(authkey_ref)) {
                authkey = ERR_CAST(authkey_ref);
Clone of davem's net-next-2.6 tree