eCryptfs: added support for the encrypted key type

The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 8 insertions, 5 deletions

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 27a7fefb83eb..2cff13ac8937 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 
         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
-                printk(KERN_ERR "Could not find key with description: [%s]\n",
-                       sig);
-                rc = process_request_key_err(PTR_ERR(*auth_tok_key));
-                (*auth_tok_key) = NULL;
-                goto out;
+                (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
+                if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+                        printk(KERN_ERR "Could not find key with description: [%s]\n",
+                              sig);
+                        rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+                        (*auth_tok_key) = NULL;
+                        goto out;
+                }
         }
         down_write(&(*auth_tok_key)->sem);
         rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);