Commit 6b79ccb5144f9ffb4d4596c23e7570238dd12abc
Committed by
Linus Torvalds
1 parent
da91d2ef9f
Exists in
master
and in
20 other branches
keys: allow clients to set key perms in key_create_or_update()
The key_create_or_update() function provided by the keyring code has a default set of permissions that are always applied to the key when created. This might not be desirable to all clients. Here's a patch that adds a "perm" parameter to the function to address this, which can be set to KEY_PERM_UNDEF to revert to the current behaviour. Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 3 changed files with 15 additions and 9 deletions
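--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -67,6 +67,8 @@
 #define KEY_OTH_SETATTR 0x00000020
 #define KEY_OTH_ALL 0x0000003f
 
+#define KEY_PERM_UNDEF 0xffffffff
+
 struct seq_file;
 struct user_struct;
 struct signal_struct;
@@ -232,6 +234,7 @@
 const char *description,
 const void *payload,
 size_t plen,
+ key_perm_t perm,
 unsigned long flags);
 
 extern int key_update(key_ref_t key,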
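Review bot: `KEY_PERM_UNDEF` is added without a comment, and read as a permission mask 0xffffffff has every bit set, so the sentinel fails open if any path ever hands it to key allocation unchecked. I would document that on the define, e.g. `/* "no permissions supplied" sentinel for key_create_or_update(); not a valid mask, must be replaced before key_alloc() */`. The second hunk adds `perm` to the prototype with no description either; the function's header comment is outside this section, so the parameter and the sentinel should be described wherever that comment lives.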
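--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -757,11 +757,11 @@
 const char *description,
 const void *payload,
 size_t plen,
+ key_perm_t perm,
 unsigned long flags)
 {
 struct key_type *ktype;
 struct key *keyring, *key = NULL;
- key_perm_t perm;
 key_ref_t key_ref;
 int ret;
 
 
 
@@ -806,15 +806,17 @@
 goto found_matching_key;
 }
 
- /* decide on the permissions we want */
- perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
- perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
+ /* if the client doesn't provide, decide on the permissions we want */
+ if (perm == KEY_PERM_UNDEF) {
+ perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
+ perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
 
- if (ktype->read)
- perm |= KEY_POS_READ | KEY_USR_READ;
+ if (ktype->read)
+ perm |= KEY_POS_READ | KEY_USR_READ;
 
- if (ktype == &key_type_keyring || ktype->update)
- perm |= KEY_USR_WRITE;
+ if (ktype == &key_type_keyring || ktype->update)
+ perm |= KEY_USR_WRITE;
+ }
 
 /* allocate a new key */
 key = key_alloc(ktype, description, current->fsuid, current->fsgid,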
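Review bot: A caller-supplied `perm` takes effect only on the create path: the `goto found_matching_key` just above the new `if (perm == KEY_PERM_UNDEF)` block is taken before the value is looked at, so when a matching key already exists the requested permissions appear to be dropped silently (the label's body is outside the hunk, so this is inferred). The comment should say so, for example `/* perm applies only to a newly created key; an existing key keeps its permissions */`, and the function's header comment, also outside the hunk, should describe `perm` and `KEY_PERM_UNDEF`. The supplied value is also handed on without being masked to the defined permission bits; whether key_alloc() rejects stray bits is not visible here.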
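--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -112,7 +112,8 @@
 /* create or update the requested key and add it to the target
 * keyring */
 key_ref = key_create_or_update(keyring_ref, type, description,
- payload, plen, KEY_ALLOC_IN_QUOTA);
+ payload, plen, KEY_PERM_UNDEF,
+ KEY_ALLOC_IN_QUOTA);
 if (!IS_ERR(key_ref)) {
 ret = key_ref_to_ptr(key_ref)->serial;
 key_ref_put(key_ref);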