cifs: Create dedicated keyring for spnego operations (b74cb9a8) · Commits · 戴 / test

fs/cifs/cifs_spnego.c

+67 −0

Original line number	Diff line number	Diff line
		@@ -24,10 +24,13 @@
		#include <linux/string.h>
		#include <keys/user-type.h>
		#include <linux/key-type.h>
		#include <linux/keyctl.h>
		#include <linux/inet.h>
		#include "cifsglob.h"
		#include "cifs_spnego.h"
		#include "cifs_debug.h"
		#include "cifsproto.h"
		static const struct cred *spnego_cred;

		/* create a new cifs key */
		static int
		@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
		size_t desc_len;
		struct key *spnego_key;
		const char *hostname = server->hostname;
		const struct cred *saved_cred;

		/* length of fields (with semicolons): ver=0xyz ip4=ipaddress
		host=hostname sec=mechanism uid=0xFF user=username */
		@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
		sprintf(dp, ";pid=0x%x", current->pid);

		cifs_dbg(FYI, "key description = %s\n", description);
		saved_cred = override_creds(spnego_cred);
		spnego_key = request_key(&cifs_spnego_key_type, description, "");
		revert_creds(saved_cred);

		#ifdef CONFIG_CIFS_DEBUG2
		if (cifsFYI && !IS_ERR(spnego_key)) {
		@@ -177,3 +183,64 @@ out:
		kfree(description);
		return spnego_key;
		}

		int
		init_cifs_spnego(void)
		{
		struct cred *cred;
		struct key *keyring;
		int ret;

		cifs_dbg(FYI, "Registering the %s key type\n",
		cifs_spnego_key_type.name);

		/*
		* Create an override credential set with special thread keyring for
		* spnego upcalls.
		*/

		cred = prepare_kernel_cred(NULL);
		if (!cred)
		return -ENOMEM;

		keyring = keyring_alloc(".cifs_spnego",
		GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
		(KEY_POS_ALL & ~KEY_POS_SETATTR) \|
		KEY_USR_VIEW \| KEY_USR_READ,
		KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
		if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
		}

		ret = register_key_type(&cifs_spnego_key_type);
		if (ret < 0)
		goto failed_put_key;

		/*
		* instruct request_key() to use this special keyring as a cache for
		* the results it looks up
		*/
		set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
		cred->thread_keyring = keyring;
		cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
		spnego_cred = cred;

		cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
		return 0;

		failed_put_key:
		key_put(keyring);
		failed_put_cred:
		put_cred(cred);
		return ret;
		}

		void
		exit_cifs_spnego(void)
		{
		key_revoke(spnego_cred->thread_keyring);
		unregister_key_type(&cifs_spnego_key_type);
		put_cred(spnego_cred);
		cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
		}

fs/cifs/cifsfs.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1303,7 +1303,7 @@ init_cifs(void)
		goto out_destroy_mids;

		#ifdef CONFIG_CIFS_UPCALL
		rc = register_key_type(&cifs_spnego_key_type);
		rc = init_cifs_spnego();
		if (rc)
		goto out_destroy_request_bufs;
		#endif /* CONFIG_CIFS_UPCALL */
		@@ -1326,7 +1326,7 @@ out_init_cifs_idmap:
		out_register_key_type:
		#endif
		#ifdef CONFIG_CIFS_UPCALL
		unregister_key_type(&cifs_spnego_key_type);
		exit_cifs_spnego();
		out_destroy_request_bufs:
		#endif
		cifs_destroy_request_bufs();

fs/cifs/cifsproto.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -58,6 +58,8 @@ do { \
		} while (0)
		extern int init_cifs_idmap(void);
		extern void exit_cifs_idmap(void);
		extern int init_cifs_spnego(void);
		extern void exit_cifs_spnego(void);
		extern char build_path_from_dentry(struct dentry );
		extern char cifs_build_path_to_root(struct smb_vol vol,
		struct cifs_sb_info *cifs_sb,

Admin message