Merge branch 'keys-fixes' into keys-next

Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2014-07-22 16:55:45 -0400
committer: David Howells <dhowells@redhat.com> 2014-07-22 16:55:45 -0400
commit: 633706a2ee81637be37b6bc02c5336950cc163b5 (patch)
tree: 5dad64c393d3b12276b35c5835c40c6d78f606a2 /security/keys/keyctl.c
parent: 64724cfc6eea920dbaada14f0fb978b1dd31192d (diff)
parent: 0d1f64f60b4c50a8c604010ad3eef5cdfe9926bc (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 8a8c23357291..e26f860e5f2e 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id)
        key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
+                /* Root is permitted to invalidate certain special keys */
+                if (capable(CAP_SYS_ADMIN)) {
+                        key_ref = lookup_user_key(id, 0, 0);
+                        if (IS_ERR(key_ref))
+                                goto error;
+                        if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
+                                     &key_ref_to_ptr(key_ref)->flags))
+                                goto invalidate;
+                        goto error_put;
+                }
                goto error;
        }
+invalidate:
        key_invalidate(key_ref_to_ptr(key_ref));
        ret = 0;
+error_put:
        key_ref_put(key_ref);
 error:
        kleave(" = %ld", ret);
author	David Howells <dhowells@redhat.com>	2014-07-22 16:55:45 -0400
committer	David Howells <dhowells@redhat.com>	2014-07-22 16:55:45 -0400
commit	633706a2ee81637be37b6bc02c5336950cc163b5 (patch)
tree	5dad64c393d3b12276b35c5835c40c6d78f606a2 /security/keys/keyctl.c
parent	64724cfc6eea920dbaada14f0fb978b1dd31192d (diff)
parent	0d1f64f60b4c50a8c604010ad3eef5cdfe9926bc (diff)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 8a8c23357291..e26f860e5f2e 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c
@@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id)
406	key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);	406	key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
407	if (IS_ERR(key_ref)) {	407	if (IS_ERR(key_ref)) {
408	ret = PTR_ERR(key_ref);	408	ret = PTR_ERR(key_ref);
		409
		410	/* Root is permitted to invalidate certain special keys */
		411	if (capable(CAP_SYS_ADMIN)) {
		412	key_ref = lookup_user_key(id, 0, 0);
		413	if (IS_ERR(key_ref))
		414	goto error;
		415	if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
		416	&key_ref_to_ptr(key_ref)->flags))
		417	goto invalidate;
		418	goto error_put;
		419	}
		420
409	goto error;	421	goto error;
410	}	422	}
411		423
		424	invalidate:
412	key_invalidate(key_ref_to_ptr(key_ref));	425	key_invalidate(key_ref_to_ptr(key_ref));
413	ret = 0;	426	ret = 0;
414		427	error_put:
415	key_ref_put(key_ref);	428	key_ref_put(key_ref);
416	error:	429	error:
417	kleave(" = %ld", ret);	430	kleave(" = %ld", ret);