LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] Allow clients to set key perms in key_create_or_update()
@ 2008-03-06 11:39 Arun Raghavan
2008-03-07 9:48 ` David Howells
2008-03-07 14:29 ` David Howells
0 siblings, 2 replies; 4+ messages in thread
From: Arun Raghavan @ 2008-03-06 11:39 UTC (permalink / raw)
To: David Howells, linux-kernel
[-- Attachment #1.1: Type: text/plain, Size: 426 bytes --]
Hello,
The key_create_or_update() function provided by the keyring code has a
default set of permissions that are always applied to the key when
created. This might not be desirable to all clients.
Here's a patch that adds a "perm" parameter to the function to address
this, which can be set to KEY_PERM_UNDEF to revert to the current behaviour.
Cheers,
Arun
[please CC me on replies -- I'm not on the LKML)
[-- Attachment #1.2: key_create_or_update-with-perms.diff --]
[-- Type: text/plain, Size: 2689 bytes --]
diff --git a/include/linux/key.h b/include/linux/key.h
index a70b8a8..5b09ad6 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -67,6 +67,8 @@ struct key;
#define KEY_OTH_SETATTR 0x00000020
#define KEY_OTH_ALL 0x0000003f
+#define KEY_PERM_UNDEF 0xffffffff
+
struct seq_file;
struct user_struct;
struct signal_struct;
@@ -229,6 +231,7 @@ extern key_ref_t key_create_or_update(key_ref_t keyring,
const char *description,
const void *payload,
size_t plen,
+ key_perm_t perm,
unsigned long flags);
extern int key_update(key_ref_t key,
diff --git a/security/keys/key.c b/security/keys/key.c
index fdd5ca6..ca1d921 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -757,11 +757,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
const char *description,
const void *payload,
size_t plen,
+ key_perm_t perm,
unsigned long flags)
{
struct key_type *ktype;
struct key *keyring, *key = NULL;
- key_perm_t perm;
key_ref_t key_ref;
int ret;
@@ -806,15 +806,17 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
goto found_matching_key;
}
- /* decide on the permissions we want */
- perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
- perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
+ /* if the client doesn't provide, decide on the permissions we want */
+ if (perm == KEY_PERM_UNDEF) {
+ perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
+ perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
- if (ktype->read)
- perm |= KEY_POS_READ | KEY_USR_READ;
+ if (ktype->read)
+ perm |= KEY_POS_READ | KEY_USR_READ;
- if (ktype == &key_type_keyring || ktype->update)
- perm |= KEY_USR_WRITE;
+ if (ktype == &key_type_keyring || ktype->update)
+ perm |= KEY_USR_WRITE;
+ }
/* allocate a new key */
key = key_alloc(ktype, description, current->fsuid, current->fsgid,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index d9ca15c..90ba663 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -102,7 +102,8 @@ asmlinkage long sys_add_key(const char __user *_type,
/* create or update the requested key and add it to the target
* keyring */
key_ref = key_create_or_update(keyring_ref, type, description,
- payload, plen, KEY_ALLOC_IN_QUOTA);
+ payload, plen, KEY_PERM_UNDEF,
+ KEY_ALLOC_IN_QUOTA);
if (!IS_ERR(key_ref)) {
ret = key_ref_to_ptr(key_ref)->serial;
key_ref_put(key_ref);
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow clients to set key perms in key_create_or_update()
2008-03-06 11:39 [PATCH] Allow clients to set key perms in key_create_or_update() Arun Raghavan
@ 2008-03-07 9:48 ` David Howells
2008-03-07 14:29 ` David Howells
1 sibling, 0 replies; 4+ messages in thread
From: David Howells @ 2008-03-07 9:48 UTC (permalink / raw)
To: Arun Raghavan; +Cc: dhowells, linux-kernel
Arun Raghavan <arunsr@cse.iitk.ac.in> wrote:
> The key_create_or_update() function provided by the keyring code has a default
> set of permissions that are always applied to the key when created. This might
> not be desirable to all clients.
>
> Here's a patch that adds a "perm" parameter to the function to address this,
> which can be set to KEY_PERM_UNDEF to revert to the current behaviour.
I'll get to this shortly. I'm just creating another keyrings patch, so I'll
look at yours afterwards.
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow clients to set key perms in key_create_or_update()
2008-03-06 11:39 [PATCH] Allow clients to set key perms in key_create_or_update() Arun Raghavan
2008-03-07 9:48 ` David Howells
@ 2008-03-07 14:29 ` David Howells
2008-03-07 16:01 ` Arun Raghavan
1 sibling, 1 reply; 4+ messages in thread
From: David Howells @ 2008-03-07 14:29 UTC (permalink / raw)
To: Arun Raghavan; +Cc: dhowells, linux-kernel
Can you provide a signed-off-by line too?
Thanks,
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Allow clients to set key perms in key_create_or_update()
2008-03-07 14:29 ` David Howells
@ 2008-03-07 16:01 ` Arun Raghavan
0 siblings, 0 replies; 4+ messages in thread
From: Arun Raghavan @ 2008-03-07 16:01 UTC (permalink / raw)
To: David Howells; +Cc: Arun Raghavan, linux-kernel
On Fri, 7 Mar 2008, David Howells wrote:
>
> Can you provide a signed-off-by line too?
Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-03-07 16:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-06 11:39 [PATCH] Allow clients to set key perms in key_create_or_update() Arun Raghavan
2008-03-07 9:48 ` David Howells
2008-03-07 14:29 ` David Howells
2008-03-07 16:01 ` Arun Raghavan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).