diff options
author | Eric Sandeen <sandeen@redhat.com> | 2008-07-24 00:30:04 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-24 13:47:31 -0400 |
commit | 982363c97f8cad7aea4c3d2cfebffc1cc2d2f166 (patch) | |
tree | 63459c8ea40c1f45f7a4e14b0630829ab2a43afc | |
parent | 6c4c17b073cd4a5a61bc04329561632870bb21fc (diff) |
ecryptfs: propagate key errors up at mount time
Mounting with invalid key signatures should probably fail, if they were
specifically requested but not available.
Also fix case checks in process_request_key_err() for the right sign of
the errnos, as spotted by Jan Tluka.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Jan Tluka <jtluka@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/ecryptfs/keystore.c | 9 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 4 |
2 files changed, 6 insertions, 7 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e82b457180be..f5b76a331b9c 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -44,15 +44,15 @@ static int process_request_key_err(long err_code) | |||
44 | int rc = 0; | 44 | int rc = 0; |
45 | 45 | ||
46 | switch (err_code) { | 46 | switch (err_code) { |
47 | case ENOKEY: | 47 | case -ENOKEY: |
48 | ecryptfs_printk(KERN_WARNING, "No key\n"); | 48 | ecryptfs_printk(KERN_WARNING, "No key\n"); |
49 | rc = -ENOENT; | 49 | rc = -ENOENT; |
50 | break; | 50 | break; |
51 | case EKEYEXPIRED: | 51 | case -EKEYEXPIRED: |
52 | ecryptfs_printk(KERN_WARNING, "Key expired\n"); | 52 | ecryptfs_printk(KERN_WARNING, "Key expired\n"); |
53 | rc = -ETIME; | 53 | rc = -ETIME; |
54 | break; | 54 | break; |
55 | case EKEYREVOKED: | 55 | case -EKEYREVOKED: |
56 | ecryptfs_printk(KERN_WARNING, "Key revoked\n"); | 56 | ecryptfs_printk(KERN_WARNING, "Key revoked\n"); |
57 | rc = -EINVAL; | 57 | rc = -EINVAL; |
58 | break; | 58 | break; |
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, | |||
963 | if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { | 963 | if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { |
964 | printk(KERN_ERR "Could not find key with description: [%s]\n", | 964 | printk(KERN_ERR "Could not find key with description: [%s]\n", |
965 | sig); | 965 | sig); |
966 | process_request_key_err(PTR_ERR(*auth_tok_key)); | 966 | rc = process_request_key_err(PTR_ERR(*auth_tok_key)); |
967 | rc = -EINVAL; | ||
968 | goto out; | 967 | goto out; |
969 | } | 968 | } |
970 | (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); | 969 | (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index f36ab2feea28..8876fe7c76e2 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_toks( | |||
248 | "session keyring for sig specified in mount " | 248 | "session keyring for sig specified in mount " |
249 | "option: [%s]\n", global_auth_tok->sig); | 249 | "option: [%s]\n", global_auth_tok->sig); |
250 | global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; | 250 | global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; |
251 | rc = 0; | 251 | goto out; |
252 | } else | 252 | } else |
253 | global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; | 253 | global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; |
254 | } | 254 | } |
255 | out: | ||
255 | return rc; | 256 | return rc; |
256 | } | 257 | } |
257 | 258 | ||
@@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
416 | printk(KERN_WARNING "One or more global auth toks could not " | 417 | printk(KERN_WARNING "One or more global auth toks could not " |
417 | "properly register; rc = [%d]\n", rc); | 418 | "properly register; rc = [%d]\n", rc); |
418 | } | 419 | } |
419 | rc = 0; | ||
420 | out: | 420 | out: |
421 | return rc; | 421 | return rc; |
422 | } | 422 | } |