From: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-afs-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: [PATCH 1/6] KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key
Date: Thu, 22 Jul 2010 18:32:51 +0100 [thread overview]
Message-ID: <20100722173251.1512.29858.stgit@warthog.procyon.org.uk> (raw)
Authorise a process to perform keyctl_set_timeout() on an uninstantiated key if
that process has the authorisation key for it.
This allows the instantiator to set the timeout on a key it is instantiating -
provided it does it before instantiating the key.
For instance, the test upcall script provided with the keyutils package could
be modified to set the expiry to an hour hence before instantiating the key:
[/usr/share/keyutils/request-key-debug.sh]
if [ "$3" != "neg" ]
then
+ keyctl timeout $1 3600
keyctl instantiate $1 "Debug $3" $4 || exit 1
else
Signed-off-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
security/keys/keyctl.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 6261745..639226a 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1091,7 +1091,7 @@ error:
long keyctl_set_timeout(key_serial_t id, unsigned timeout)
{
struct timespec now;
- struct key *key;
+ struct key *key, *instkey;
key_ref_t key_ref;
time_t expiry;
long ret;
@@ -1099,10 +1099,25 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
KEY_SETATTR);
if (IS_ERR(key_ref)) {
+ /* setting the timeout on a key under construction is permitted
+ * if we have the authorisation token handy */
+ if (PTR_ERR(key_ref) == -EACCES) {
+ instkey = key_get_instantiation_authkey(id);
+ if (!IS_ERR(instkey)) {
+ key_put(instkey);
+ key_ref = lookup_user_key(id,
+ KEY_LOOKUP_PARTIAL,
+ 0);
+ if (!IS_ERR(key_ref))
+ goto okay;
+ }
+ }
+
ret = PTR_ERR(key_ref);
goto error;
}
+okay:
key = key_ref_to_ptr(key_ref);
/* make the changes with the locks held to prevent races */
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com>
To: smfrench@gmail.com, jlayton@redhat.com
Cc: linux-fsdevel@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
David Howells <dhowells@redhat.com>
Subject: [PATCH 1/6] KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key
Date: Thu, 22 Jul 2010 18:32:51 +0100 [thread overview]
Message-ID: <20100722173251.1512.29858.stgit@warthog.procyon.org.uk> (raw)
Authorise a process to perform keyctl_set_timeout() on an uninstantiated key if
that process has the authorisation key for it.
This allows the instantiator to set the timeout on a key it is instantiating -
provided it does it before instantiating the key.
For instance, the test upcall script provided with the keyutils package could
be modified to set the expiry to an hour hence before instantiating the key:
[/usr/share/keyutils/request-key-debug.sh]
if [ "$3" != "neg" ]
then
+ keyctl timeout $1 3600
keyctl instantiate $1 "Debug $3" $4 || exit 1
else
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyctl.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 6261745..639226a 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1091,7 +1091,7 @@ error:
long keyctl_set_timeout(key_serial_t id, unsigned timeout)
{
struct timespec now;
- struct key *key;
+ struct key *key, *instkey;
key_ref_t key_ref;
time_t expiry;
long ret;
@@ -1099,10 +1099,25 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
KEY_SETATTR);
if (IS_ERR(key_ref)) {
+ /* setting the timeout on a key under construction is permitted
+ * if we have the authorisation token handy */
+ if (PTR_ERR(key_ref) == -EACCES) {
+ instkey = key_get_instantiation_authkey(id);
+ if (!IS_ERR(instkey)) {
+ key_put(instkey);
+ key_ref = lookup_user_key(id,
+ KEY_LOOKUP_PARTIAL,
+ 0);
+ if (!IS_ERR(key_ref))
+ goto okay;
+ }
+ }
+
ret = PTR_ERR(key_ref);
goto error;
}
+okay:
key = key_ref_to_ptr(key_ref);
/* make the changes with the locks held to prevent races */
next reply other threads:[~2010-07-22 17:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-22 17:32 David Howells [this message]
2010-07-22 17:32 ` [PATCH 1/6] KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key David Howells
2010-07-22 17:32 ` [PATCH 2/6] CIFS: Fix a malicious redirect problem in the DNS lookup code David Howells
2010-07-22 17:33 ` [PATCH 3/6] CIFS: Make cifs_convert_address() take a const src pointer and a length David Howells
2010-07-22 17:47 ` Jeff Layton
[not found] ` <20100722173301.1512.52037.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2010-08-04 4:21 ` Steve French
2010-08-04 4:21 ` Steve French
2010-07-22 17:33 ` [PATCH 4/6] DNS: Separate out CIFS DNS Resolver code David Howells
[not found] ` <20100722173251.1512.29858.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2010-07-22 17:33 ` [PATCH 5/6] DNS: Implement option parsing on dns_resolver results David Howells
2010-07-22 17:33 ` David Howells
2010-07-22 17:34 ` [PATCH 1/6] KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key David Howells
2010-07-22 17:34 ` David Howells
2010-07-22 17:33 ` [PATCH 6/6] DNS: Make AFS go to the DNS for AFSDB records for unknown cells David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100722173251.1512.29858.stgit@warthog.procyon.org.uk \
--to=dhowells-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-afs-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.