Lines Matching refs:new
234 struct cred *new;
236 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
237 if (!new)
241 new->tgcred = kzalloc(sizeof(*new->tgcred), GFP_KERNEL);
242 if (!new->tgcred) {
243 kmem_cache_free(cred_jar, new);
246 atomic_set(&new->tgcred->usage, 1);
249 atomic_set(&new->usage, 1);
251 if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
255 new->magic = CRED_MAGIC;
257 return new;
260 abort_creds(new);
265 * prepare_creds - Prepare a new set of credentials for modification
267 * Prepare a new set of task credentials for modification. A task's creds
269 * prepare a new copy, which the caller then modifies and then commits by
274 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
282 struct cred *new;
286 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
287 if (!new)
290 kdebug("prepare_creds() alloc %p", new);
293 memcpy(new, old, sizeof(struct cred));
295 atomic_set(&new->usage, 1);
296 set_cred_subscribers(new, 0);
297 get_group_info(new->group_info);
298 get_uid(new->user);
301 key_get(new->thread_keyring);
302 key_get(new->request_key_auth);
303 atomic_inc(&new->tgcred->usage);
307 new->security = NULL;
310 if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
312 validate_creds(new);
313 return new;
316 abort_creds(new);
328 struct cred *new;
336 new = prepare_creds();
337 if (!new) {
339 return new;
344 key_put(new->thread_keyring);
345 new->thread_keyring = NULL;
347 /* create a new per-thread-group creds for all this set of threads to
349 memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred));
354 /* inherit the session keyring; new process keyring */
358 release_tgcred(new);
359 new->tgcred = tgcred;
362 return new;
366 * Copy credentials for the new process created by fork()
368 * We share if we can, but under some circumstances we have to generate a new
371 * The new process gets the current process's subjective credentials as its
379 struct cred *new;
400 new = prepare_creds();
401 if (!new)
405 ret = create_user_ns(new);
411 /* new threads get their own thread keyrings if their parent already
413 if (new->thread_keyring) {
414 key_put(new->thread_keyring);
415 new->thread_keyring = NULL;
417 install_thread_keyring_to_cred(new);
432 tgcred->session_keyring = key_get(new->tgcred->session_keyring);
434 release_tgcred(new);
435 new->tgcred = tgcred;
439 atomic_inc(&new->user->processes);
440 p->cred = p->real_cred = get_cred(new);
441 alter_cred_subscribers(new, 2);
442 validate_creds(new);
446 put_cred(new);
451 * commit_creds - Install new credentials upon the current task
452 * @new: The credentials to be assigned
454 * Install a new set of credentials to the current task, using RCU to replace
459 * This function eats the caller's reference to the new credentials.
464 int commit_creds(struct cred *new)
469 kdebug("commit_creds(%p{%d,%d})", new,
470 atomic_read(&new->usage),
471 read_cred_subscribers(new));
477 validate_creds(new);
479 BUG_ON(atomic_read(&new->usage) < 1);
481 get_cred(new); /* we will require a ref for the subj creds too */
484 if (old->euid != new->euid ||
485 old->egid != new->egid ||
486 old->fsuid != new->fsuid ||
487 old->fsgid != new->fsgid ||
488 !cap_issubset(new->cap_permitted, old->cap_permitted)) {
496 if (new->fsuid != old->fsuid)
498 if (new->fsgid != old->fsgid)
503 * new uid over his NPROC rlimit? We can check this now
504 * cheaply with the new uid cache, so if it matters
507 alter_cred_subscribers(new, 2);
508 if (new->user != old->user)
509 atomic_inc(&new->user->processes);
510 rcu_assign_pointer(task->real_cred, new);
511 rcu_assign_pointer(task->cred, new);
512 if (new->user != old->user)
517 if (new->uid != old->uid ||
518 new->euid != old->euid ||
519 new->suid != old->suid ||
520 new->fsuid != old->fsuid)
523 if (new->gid != old->gid ||
524 new->egid != old->egid ||
525 new->sgid != old->sgid ||
526 new->fsgid != old->fsgid)
538 * @new: The credentials that were going to be applied
543 void abort_creds(struct cred *new)
545 kdebug("abort_creds(%p{%d,%d})", new,
546 atomic_read(&new->usage),
547 read_cred_subscribers(new));
550 BUG_ON(read_cred_subscribers(new) != 0);
552 BUG_ON(atomic_read(&new->usage) < 1);
553 put_cred(new);
559 * @new: The credentials to be assigned
564 const struct cred *override_creds(const struct cred *new)
568 kdebug("override_creds(%p{%d,%d})", new,
569 atomic_read(&new->usage),
570 read_cred_subscribers(new));
573 validate_creds(new);
574 get_cred(new);
575 alter_cred_subscribers(new, 1);
576 rcu_assign_pointer(current->cred, new);
634 * Returns the new credentials or NULL if out of memory.
641 struct cred *new;
643 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
644 if (!new)
647 kdebug("prepare_kernel_cred() alloc %p", new);
656 *new = *old;
657 get_uid(new->user);
658 get_group_info(new->group_info);
662 new->tgcred = &init_tgcred;
663 new->request_key_auth = NULL;
664 new->thread_keyring = NULL;
665 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
669 new->security = NULL;
671 if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
674 atomic_set(&new->usage, 1);
675 set_cred_subscribers(new, 0);
677 validate_creds(new);
678 return new;
681 put_cred(new);
689 * @new: The credentials to alter
695 int set_security_override(struct cred *new, u32 secid)
697 return security_kernel_act_as(new, secid);
703 * @new: The credentials to alter
711 int set_security_override_from_ctx(struct cred *new, const char *secctx)
720 return set_security_override(new, secid);
726 * @new: The credentials to alter
730 * as the object context of the specified inode, so that the new inodes have
733 int set_create_files_as(struct cred *new, struct inode *inode)
735 new->fsuid = inode->i_uid;
736 new->fsgid = inode->i_gid;
737 return security_kernel_create_files_as(new, inode);