Commit b99a9e87 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Two small cifs fixes, including one spnego upcall cifs security fix
  for stable"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: Remove some obsolete comments
  cifs: Create dedicated keyring for spnego operations
parents be1332c0 48a77aa7
...@@ -24,10 +24,13 @@ ...@@ -24,10 +24,13 @@
#include <linux/string.h> #include <linux/string.h>
#include <keys/user-type.h> #include <keys/user-type.h>
#include <linux/key-type.h> #include <linux/key-type.h>
#include <linux/keyctl.h>
#include <linux/inet.h> #include <linux/inet.h>
#include "cifsglob.h" #include "cifsglob.h"
#include "cifs_spnego.h" #include "cifs_spnego.h"
#include "cifs_debug.h" #include "cifs_debug.h"
#include "cifsproto.h"
static const struct cred *spnego_cred;
/* create a new cifs key */ /* create a new cifs key */
static int static int
...@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) ...@@ -102,6 +105,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
size_t desc_len; size_t desc_len;
struct key *spnego_key; struct key *spnego_key;
const char *hostname = server->hostname; const char *hostname = server->hostname;
const struct cred *saved_cred;
/* length of fields (with semicolons): ver=0xyz ip4=ipaddress /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
host=hostname sec=mechanism uid=0xFF user=username */ host=hostname sec=mechanism uid=0xFF user=username */
...@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) ...@@ -163,7 +167,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
sprintf(dp, ";pid=0x%x", current->pid); sprintf(dp, ";pid=0x%x", current->pid);
cifs_dbg(FYI, "key description = %s\n", description); cifs_dbg(FYI, "key description = %s\n", description);
saved_cred = override_creds(spnego_cred);
spnego_key = request_key(&cifs_spnego_key_type, description, ""); spnego_key = request_key(&cifs_spnego_key_type, description, "");
revert_creds(saved_cred);
#ifdef CONFIG_CIFS_DEBUG2 #ifdef CONFIG_CIFS_DEBUG2
if (cifsFYI && !IS_ERR(spnego_key)) { if (cifsFYI && !IS_ERR(spnego_key)) {
...@@ -177,3 +183,64 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) ...@@ -177,3 +183,64 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
kfree(description); kfree(description);
return spnego_key; return spnego_key;
} }
int
init_cifs_spnego(void)
{
struct cred *cred;
struct key *keyring;
int ret;
cifs_dbg(FYI, "Registering the %s key type\n",
cifs_spnego_key_type.name);
/*
* Create an override credential set with special thread keyring for
* spnego upcalls.
*/
cred = prepare_kernel_cred(NULL);
if (!cred)
return -ENOMEM;
keyring = keyring_alloc(".cifs_spnego",
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto failed_put_cred;
}
ret = register_key_type(&cifs_spnego_key_type);
if (ret < 0)
goto failed_put_key;
/*
* instruct request_key() to use this special keyring as a cache for
* the results it looks up
*/
set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
cred->thread_keyring = keyring;
cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
spnego_cred = cred;
cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
return 0;
failed_put_key:
key_put(keyring);
failed_put_cred:
put_cred(cred);
return ret;
}
void
exit_cifs_spnego(void)
{
key_revoke(spnego_cred->thread_keyring);
unregister_key_type(&cifs_spnego_key_type);
put_cred(spnego_cred);
cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
}
...@@ -890,7 +890,6 @@ const struct inode_operations cifs_dir_inode_ops = { ...@@ -890,7 +890,6 @@ const struct inode_operations cifs_dir_inode_ops = {
.rmdir = cifs_rmdir, .rmdir = cifs_rmdir,
.rename2 = cifs_rename2, .rename2 = cifs_rename2,
.permission = cifs_permission, .permission = cifs_permission,
/* revalidate:cifs_revalidate, */
.setattr = cifs_setattr, .setattr = cifs_setattr,
.symlink = cifs_symlink, .symlink = cifs_symlink,
.mknod = cifs_mknod, .mknod = cifs_mknod,
...@@ -901,9 +900,8 @@ const struct inode_operations cifs_dir_inode_ops = { ...@@ -901,9 +900,8 @@ const struct inode_operations cifs_dir_inode_ops = {
}; };
const struct inode_operations cifs_file_inode_ops = { const struct inode_operations cifs_file_inode_ops = {
/* revalidate:cifs_revalidate, */
.setattr = cifs_setattr, .setattr = cifs_setattr,
.getattr = cifs_getattr, /* do we need this anymore? */ .getattr = cifs_getattr,
.permission = cifs_permission, .permission = cifs_permission,
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
.getxattr = generic_getxattr, .getxattr = generic_getxattr,
...@@ -915,9 +913,6 @@ const struct inode_operations cifs_symlink_inode_ops = { ...@@ -915,9 +913,6 @@ const struct inode_operations cifs_symlink_inode_ops = {
.readlink = generic_readlink, .readlink = generic_readlink,
.get_link = cifs_get_link, .get_link = cifs_get_link,
.permission = cifs_permission, .permission = cifs_permission,
/* BB add the following two eventually */
/* revalidate: cifs_revalidate,
setattr: cifs_notify_change, *//* BB do we need notify change */
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
.getxattr = generic_getxattr, .getxattr = generic_getxattr,
.listxattr = cifs_listxattr, .listxattr = cifs_listxattr,
...@@ -1303,7 +1298,7 @@ init_cifs(void) ...@@ -1303,7 +1298,7 @@ init_cifs(void)
goto out_destroy_mids; goto out_destroy_mids;
#ifdef CONFIG_CIFS_UPCALL #ifdef CONFIG_CIFS_UPCALL
rc = register_key_type(&cifs_spnego_key_type); rc = init_cifs_spnego();
if (rc) if (rc)
goto out_destroy_request_bufs; goto out_destroy_request_bufs;
#endif /* CONFIG_CIFS_UPCALL */ #endif /* CONFIG_CIFS_UPCALL */
...@@ -1326,7 +1321,7 @@ init_cifs(void) ...@@ -1326,7 +1321,7 @@ init_cifs(void)
out_register_key_type: out_register_key_type:
#endif #endif
#ifdef CONFIG_CIFS_UPCALL #ifdef CONFIG_CIFS_UPCALL
unregister_key_type(&cifs_spnego_key_type); exit_cifs_spnego();
out_destroy_request_bufs: out_destroy_request_bufs:
#endif #endif
cifs_destroy_request_bufs(); cifs_destroy_request_bufs();
......
...@@ -58,6 +58,8 @@ do { \ ...@@ -58,6 +58,8 @@ do { \
} while (0) } while (0)
extern int init_cifs_idmap(void); extern int init_cifs_idmap(void);
extern void exit_cifs_idmap(void); extern void exit_cifs_idmap(void);
extern int init_cifs_spnego(void);
extern void exit_cifs_spnego(void);
extern char *build_path_from_dentry(struct dentry *); extern char *build_path_from_dentry(struct dentry *);
extern char *cifs_build_path_to_root(struct smb_vol *vol, extern char *cifs_build_path_to_root(struct smb_vol *vol,
struct cifs_sb_info *cifs_sb, struct cifs_sb_info *cifs_sb,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment