CRED: Wrap task credential accesses in the key management code

Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>

CRED: Wrap task credential accesses in the key management code
Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells · James Morris
1 parent 8192b0c482
Showing 4 changed files with 8 additions and 8 deletions Side-by-side Diff
security/keys/key.c
security/keys/keyctl.c
security/keys/request_key.c
security/keys/request_key_auth.c
@@ -802,7 +802,7 @@
 	}
  
 	/* allocate a new key */
-	key = key_alloc(ktype, description, current->fsuid, current->fsgid,
+	key = key_alloc(ktype, description, current_fsuid(), current_fsgid(),
 			current, perm, flags);
 	if (IS_ERR(key)) {
 		key_ref = ERR_CAST(key);
@@ -817,7 +817,7 @@
 	down_write(&key->sem);
  
 	/* if we're not the sysadmin, we can only change a key that we own */
-	if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
+	if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
 		key->perm = perm;
 		ret = 0;
 	}
@@ -77,7 +77,7 @@
 	/* allocate a new session keyring */
 	sprintf(desc, "_req.%u", key->serial);
  
-	keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
+	keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
 	if (IS_ERR(keyring)) {
 		ret = PTR_ERR(keyring);
@@ -90,8 +90,8 @@
 		goto error_link;
  
 	/* record the UID and GID */
-	sprintf(uid_str, "%d", current->fsuid);
-	sprintf(gid_str, "%d", current->fsgid);
+	sprintf(uid_str, "%d", current_fsuid());
+	sprintf(gid_str, "%d", current_fsgid());
  
 	/* we say which key is under construction */
 	sprintf(key_str, "%d", key->serial);
@@ -279,7 +279,7 @@
 	mutex_lock(&user->cons_lock);
  
 	key = key_alloc(type, description,
-			current->fsuid, current->fsgid, current, KEY_POS_ALL,
+			current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
 			flags);
 	if (IS_ERR(key))
 		goto alloc_failed;
@@ -342,7 +342,7 @@
 	struct key *key;
 	int ret;
  
-	user = key_user_lookup(current->fsuid);
+	user = key_user_lookup(current_fsuid());
 	if (!user)
 		return ERR_PTR(-ENOMEM);
  
@@ -195,7 +195,7 @@
 	sprintf(desc, "%x", target->serial);
  
 	authkey = key_alloc(&key_type_request_key_auth, desc,
-			    current->fsuid, current->fsgid, current,
+			    current_fsuid(), current_fsgid(), current,
 			    KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
 			    KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
 	if (IS_ERR(authkey)) {
...	...	@@ -802,7 +802,7 @@
802	802	}
803	803
804	804	/* allocate a new key */
805		- key = key_alloc(ktype, description, current->fsuid, current->fsgid,
	805	+ key = key_alloc(ktype, description, current_fsuid(), current_fsgid(),
806	806	current, perm, flags);
807	807	if (IS_ERR(key)) {
808	808	key_ref = ERR_CAST(key);
...	...	@@ -817,7 +817,7 @@
817	817	down_write(&key->sem);
818	818
819	819	/* if we're not the sysadmin, we can only change a key that we own */
820		- if (capable(CAP_SYS_ADMIN) \|\| key->uid == current->fsuid) {
	820	+ if (capable(CAP_SYS_ADMIN) \|\| key->uid == current_fsuid()) {
821	821	key->perm = perm;
822	822	ret = 0;
823	823	}
...	...	@@ -77,7 +77,7 @@
77	77	/* allocate a new session keyring */
78	78	sprintf(desc, "_req.%u", key->serial);
79	79
80		- keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
	80	+ keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
81	81	KEY_ALLOC_QUOTA_OVERRUN, NULL);
82	82	if (IS_ERR(keyring)) {
83	83	ret = PTR_ERR(keyring);
...	...	@@ -90,8 +90,8 @@
90	90	goto error_link;
91	91
92	92	/* record the UID and GID */
93		- sprintf(uid_str, "%d", current->fsuid);
94		- sprintf(gid_str, "%d", current->fsgid);
	93	+ sprintf(uid_str, "%d", current_fsuid());
	94	+ sprintf(gid_str, "%d", current_fsgid());
95	95
96	96	/* we say which key is under construction */
97	97	sprintf(key_str, "%d", key->serial);
...	...	@@ -279,7 +279,7 @@
279	279	mutex_lock(&user->cons_lock);
280	280
281	281	key = key_alloc(type, description,
282		- current->fsuid, current->fsgid, current, KEY_POS_ALL,
	282	+ current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
283	283	flags);
284	284	if (IS_ERR(key))
285	285	goto alloc_failed;
...	...	@@ -342,7 +342,7 @@
342	342	struct key *key;
343	343	int ret;
344	344
345		- user = key_user_lookup(current->fsuid);
	345	+ user = key_user_lookup(current_fsuid());
346	346	if (!user)
347	347	return ERR_PTR(-ENOMEM);
348	348
...	...	@@ -195,7 +195,7 @@
195	195	sprintf(desc, "%x", target->serial);
196	196
197	197	authkey = key_alloc(&key_type_request_key_auth, desc,
198		- current->fsuid, current->fsgid, current,
	198	+ current_fsuid(), current_fsgid(), current,
199	199	KEY_POS_VIEW \| KEY_POS_READ \| KEY_POS_SEARCH \|
200	200	KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
201	201	if (IS_ERR(authkey)) {