CRED: Separate task security context from task_struct

[mirror_ubuntu-artful-kernel.git] / security / keys / request_key_auth.c

diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index bd237b0a6331efffeff58b6ab6b300f823cd76aa..2125579d5d73447bd6959098a75fd61230fe6893 100644 (file)
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -128,6 +128,7 @@ static void request_key_auth_destroy(struct key *key)
        }
 
        key_put(rka->target_key);
+       key_put(rka->dest_keyring);
        kfree(rka->callout_info);
        kfree(rka);
 
@@ -139,7 +140,7 @@ static void request_key_auth_destroy(struct key *key)
  * access to the caller's security data
  */
 struct key *request_key_auth_new(struct key *target, const void *callout_info,
-                                size_t callout_len)
+                                size_t callout_len, struct key *dest_keyring)
 {
        struct request_key_auth *rka, *irka;
        struct key *authkey = NULL;
@@ -163,22 +164,22 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
 
        /* see if the calling process is already servicing the key request of
         * another process */
-       if (current->request_key_auth) {
+       if (current->cred->request_key_auth) {
                /* it is - use that instantiation context here too */
-               down_read(&current->request_key_auth->sem);
+               down_read(&current->cred->request_key_auth->sem);
 
                /* if the auth key has been revoked, then the key we're
                 * servicing is already instantiated */
                if (test_bit(KEY_FLAG_REVOKED,
-                            &current->request_key_auth->flags))
+                            &current->cred->request_key_auth->flags))
                        goto auth_key_revoked;
 
-               irka = current->request_key_auth->payload.data;
+               irka = current->cred->request_key_auth->payload.data;
                rka->context = irka->context;
                rka->pid = irka->pid;
                get_task_struct(rka->context);
 
-               up_read(&current->request_key_auth->sem);
+               up_read(&current->cred->request_key_auth->sem);
        }
        else {
                /* it isn't - use this process as the context */
@@ -188,6 +189,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
        }
 
        rka->target_key = key_get(target);
+       rka->dest_keyring = key_get(dest_keyring);
        memcpy(rka->callout_info, callout_info, callout_len);
        rka->callout_len = callout_len;
 
@@ -195,7 +197,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
        sprintf(desc, "%x", target->serial);
 
        authkey = key_alloc(&key_type_request_key_auth, desc,
-                           current->fsuid, current->fsgid, current,
+                           current_fsuid(), current_fsgid(), current,
                            KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
                            KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
        if (IS_ERR(authkey)) {
@@ -212,7 +214,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
        return authkey;
 
 auth_key_revoked:
-       up_read(&current->request_key_auth->sem);
+       up_read(&current->cred->request_key_auth->sem);
        kfree(rka->callout_info);
        kfree(rka);
        kleave("= -EKEYREVOKED");
@@ -223,6 +225,7 @@ error_inst:
        key_put(authkey);
 error_alloc:
        key_put(rka->target_key);
+       key_put(rka->dest_keyring);
        kfree(rka->callout_info);
        kfree(rka);
        kleave("= %d", ret);