aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Sandeen <sandeen@redhat.com>2008-07-24 00:30:04 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-24 13:47:31 -0400
commit982363c97f8cad7aea4c3d2cfebffc1cc2d2f166 (patch)
tree63459c8ea40c1f45f7a4e14b0630829ab2a43afc
parent6c4c17b073cd4a5a61bc04329561632870bb21fc (diff)
ecryptfs: propagate key errors up at mount time
Mounting with invalid key signatures should probably fail, if they were specifically requested but not available. Also fix case checks in process_request_key_err() for the right sign of the errnos, as spotted by Jan Tluka. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Jan Tluka <jtluka@redhat.com> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/ecryptfs/keystore.c9
-rw-r--r--fs/ecryptfs/main.c4
2 files changed, 6 insertions, 7 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e82b457180be..f5b76a331b9c 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -44,15 +44,15 @@ static int process_request_key_err(long err_code)
44 int rc = 0; 44 int rc = 0;
45 45
46 switch (err_code) { 46 switch (err_code) {
47 case ENOKEY: 47 case -ENOKEY:
48 ecryptfs_printk(KERN_WARNING, "No key\n"); 48 ecryptfs_printk(KERN_WARNING, "No key\n");
49 rc = -ENOENT; 49 rc = -ENOENT;
50 break; 50 break;
51 case EKEYEXPIRED: 51 case -EKEYEXPIRED:
52 ecryptfs_printk(KERN_WARNING, "Key expired\n"); 52 ecryptfs_printk(KERN_WARNING, "Key expired\n");
53 rc = -ETIME; 53 rc = -ETIME;
54 break; 54 break;
55 case EKEYREVOKED: 55 case -EKEYREVOKED:
56 ecryptfs_printk(KERN_WARNING, "Key revoked\n"); 56 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
57 rc = -EINVAL; 57 rc = -EINVAL;
58 break; 58 break;
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
963 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { 963 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
964 printk(KERN_ERR "Could not find key with description: [%s]\n", 964 printk(KERN_ERR "Could not find key with description: [%s]\n",
965 sig); 965 sig);
966 process_request_key_err(PTR_ERR(*auth_tok_key)); 966 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
967 rc = -EINVAL;
968 goto out; 967 goto out;
969 } 968 }
970 (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); 969 (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index f36ab2feea28..8876fe7c76e2 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_toks(
248 "session keyring for sig specified in mount " 248 "session keyring for sig specified in mount "
249 "option: [%s]\n", global_auth_tok->sig); 249 "option: [%s]\n", global_auth_tok->sig);
250 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; 250 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
251 rc = 0; 251 goto out;
252 } else 252 } else
253 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; 253 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
254 } 254 }
255out:
255 return rc; 256 return rc;
256} 257}
257 258
@@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
416 printk(KERN_WARNING "One or more global auth toks could not " 417 printk(KERN_WARNING "One or more global auth toks could not "
417 "properly register; rc = [%d]\n", rc); 418 "properly register; rc = [%d]\n", rc);
418 } 419 }
419 rc = 0;
420out: 420out:
421 return rc; 421 return rc;
422} 422}