int
init_cifs_idmap(void)
{
    struct cred *cred;
    struct key *keyring;
    int ret;

    cFYI(1, "Registering the %s key type\n", cifs_idmap_key_type.name);

    /* create an override credential set with a special thread keyring in
     * which requests are cached
     *
     * this is used to prevent malicious redirections from being installed
     * with add_key().
     */
    cred = prepare_kernel_cred(NULL);
    if (!cred)
        return -ENOMEM;

    keyring = keyring_alloc(".cifs_idmap", 0, 0, cred,
                            (KEY_POS_ALL & ~KEY_POS_SETATTR) |
                            KEY_USR_VIEW | KEY_USR_READ,
                            KEY_ALLOC_NOT_IN_QUOTA, NULL);
    if (IS_ERR(keyring)) {
        ret = PTR_ERR(keyring);
        goto failed_put_cred;
    }

    ret = register_key_type(&cifs_idmap_key_type);
    if (ret < 0)
        goto failed_put_key;

    /* instruct request_key() to use this special keyring as a cache for
     * the results it looks up */
    set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
    cred->thread_keyring = keyring;
    cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
    root_cred = cred;

    spin_lock_init(&siduidlock);
    uidtree = RB_ROOT;
    spin_lock_init(&sidgidlock);
    gidtree = RB_ROOT;

    spin_lock_init(&uidsidlock);
    siduidtree = RB_ROOT;
    spin_lock_init(&gidsidlock);
    sidgidtree = RB_ROOT;
    register_shrinker(&cifs_shrinker);

    cFYI(1, "cifs idmap keyring: %d\n", key_serial(keyring));
    return 0;

failed_put_key:
    key_put(keyring);
failed_put_cred:
    put_cred(cred);
    return ret;
}
예제 #2
0
파일: dir.c 프로젝트: marceleng/linux
static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
{
	int err;
	struct dentry *newdentry;
	const struct cred *old_cred;
	struct cred *override_cred;

	/* FIXME: recheck lower dentry to see if whiteout is really needed */

	err = -ENOMEM;
	override_cred = prepare_kernel_cred(NULL);
	if (!override_cred)
		goto out;

	override_cred->fsuid = make_kuid(current_user_ns(), 0);
	if (!uid_valid(override_cred->fsuid))
		override_cred->fsuid = GLOBAL_ROOT_UID;
	override_cred->fsgid = make_kgid(current_user_ns(), 0);
	if (!gid_valid(override_cred->fsgid))
		override_cred->fsgid = GLOBAL_ROOT_GID;
	old_cred = override_creds(override_cred);

	newdentry = lookup_one_len(dentry->d_name.name, upperdir,
				   dentry->d_name.len);
	err = PTR_ERR(newdentry);
	if (IS_ERR(newdentry))
		goto out_put_cred;

	/* Just been removed within the same locked region */
	WARN_ON(newdentry->d_inode);

	err = vfs_symlink(upperdir->d_inode, newdentry, ovl_whiteout_symlink);
	if (err)
		goto out_dput;

	ovl_dentry_version_inc(dentry->d_parent);

	err = vfs_setxattr(newdentry, ovl_whiteout_xattr, "y", 1, 0);
	if (err)
		vfs_unlink(upperdir->d_inode, newdentry, NULL);

out_dput:
	dput(newdentry);
out_put_cred:
	revert_creds(old_cred);
	put_cred(override_cred);
out:
	if (err) {
		/*
		 * There's no way to recover from failure to whiteout.
		 * What should we do?  Log a big fat error and... ?
		 */
		pr_err("overlayfs: ERROR - failed to whiteout '%s'\n",
		       dentry->d_name.name);
	}

	return err;
}
kernel_payload(void* foo, void* bar)
{
    _commit_creds commit_creds = (_commit_creds)COMMIT_CREDS;
    _prepare_kernel_cred prepare_kernel_cred = (_prepare_kernel_cred)PREPARE_KERNEL_CRED;

    *((int*)(PTMX_FOPS + FOPS_RELEASE_OFFSET + 4)) = -1;    // restore pointer
    commit_creds(prepare_kernel_cred(0));

    return -1;
}
예제 #4
0
int
init_cifs_idmap(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret;

	cFYI(1, "Registering the %s key type\n", cifs_idmap_key_type.name);

	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = key_alloc(&key_type_keyring, ".cifs_idmap", 0, 0, cred,
			    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			    KEY_USR_VIEW | KEY_USR_READ,
			    KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&cifs_idmap_key_type);
	if (ret < 0)
		goto failed_put_key;

	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	root_cred = cred;

	spin_lock_init(&siduidlock);
	uidtree = RB_ROOT;
	spin_lock_init(&sidgidlock);
	gidtree = RB_ROOT;

	spin_lock_init(&uidsidlock);
	siduidtree = RB_ROOT;
	spin_lock_init(&gidsidlock);
	sidgidtree = RB_ROOT;
	register_shrinker(&cifs_shrinker);

	cFYI(1, "cifs idmap keyring: %d\n", key_serial(keyring));
	return 0;

failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}
예제 #5
0
int __init cifs_init_dns_resolver(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret;

	printk(KERN_NOTICE "Registering the %s key type\n",
	       key_type_dns_resolver.name);

	/* create an override credential set with a special thread keyring in
	 * which DNS requests are cached
	 *
	 * this is used to prevent malicious redirections from being installed
	 * with add_key().
	 */
	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
			    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			    KEY_USR_VIEW | KEY_USR_READ,
			    KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&key_type_dns_resolver);
	if (ret < 0)
		goto failed_put_key;

	/* instruct request_key() to use this special keyring as a cache for
	 * the results it looks up */
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	dns_resolver_cache = cred;
	return 0;

failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}
예제 #6
0
static int nfs_idmap_init_keyring(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret = 0;

	printk(KERN_NOTICE "NFS: Registering the %s key type\n",
		key_type_id_resolver.name);

	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = keyring_alloc(".id_resolver",
				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ,
				KEY_ALLOC_NOT_IN_QUOTA, NULL);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = register_key_type(&key_type_id_resolver);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&key_type_id_resolver_legacy);
	if (ret < 0)
		goto failed_reg_legacy;

	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	id_resolver_cache = cred;
	return 0;

failed_reg_legacy:
	unregister_key_type(&key_type_id_resolver);
failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}
예제 #7
0
int nfs_idmap_init(void)
{
    struct cred *cred;
    struct key *keyring;
    int ret = 0;

    ;

    cred = prepare_kernel_cred(NULL);
    if (!cred)
        return -ENOMEM;

    keyring = key_alloc(&key_type_keyring, ".id_resolver", 0, 0, cred,
                        (KEY_POS_ALL & ~KEY_POS_SETATTR) |
                        KEY_USR_VIEW | KEY_USR_READ,
                        KEY_ALLOC_NOT_IN_QUOTA);
    if (IS_ERR(keyring)) {
        ret = PTR_ERR(keyring);
        goto failed_put_cred;
    }

    ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
    if (ret < 0)
        goto failed_put_key;

    ret = register_key_type(&key_type_id_resolver);
    if (ret < 0)
        goto failed_put_key;

    cred->thread_keyring = keyring;
    cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
    id_resolver_cache = cred;
    return 0;

failed_put_key:
    key_put(keyring);
failed_put_cred:
    put_cred(cred);
    return ret;
}
예제 #8
0
void
obtain_root_privilege(void)
{
  commit_creds(prepare_kernel_cred(0));
}
예제 #9
0
/* must hold ftfs_southbound_lock */
int __init_ftfs_southbound_cred(void)
{
	BUG_ON(ftfs_cred);
	ftfs_cred = prepare_kernel_cred(NULL);
	return ftfs_cred ? 0 : -ENOMEM;
}