Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris. Mostly ima, selinux, smack and key handling updates. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits) integrity: do zero padding of the key id KEYS: output last portion of fingerprint in /proc/keys KEYS: strip 'id:' from ca_keyid KEYS: use swapped SKID for performing partial matching KEYS: Restore partial ID matching functionality for asymmetric keys X.509: If available, use the raw subjKeyId to form the key description KEYS: handle error code encoded in pointer selinux: normalize audit log formatting selinux: cleanup error reporting in selinux_nlmsg_perm() KEYS: Check hex2bin()'s return when generating an asymmetric key ID ima: detect violations for mmaped files ima: fix race condition on ima_rdwr_violation_check and process_measurement ima: added ima_policy_flag variable ima: return an error code from ima_add_boot_aggregate() ima: provide 'ima_appraise=log' kernel option ima: move keyring initialization to ima_init() PKCS#7: Handle PKCS#7 messages that contain no X.509 certs PKCS#7: Better handling of unsupported crypto KEYS: Overhaul key identification when searching for asymmetric keys KEYS: Implement binary asymmetric key ID handling ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-10-12 10:13:55 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-10-12 10:13:55 -0400
commit: 5e40d331bd72447197f26525f21711c4a265b6a6 (patch)
tree: cfbf5efba46b0c5c5b3c8149395f721eab839945 /net
parent: d0ca47575ab3b41bb7f0fe5feec13c6cddb2913a (diff)
parent: 594081ee7145cc30a3977cb4e218f81213b63dc5 (diff)
3 files changed, 14 insertions, 7 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index ffeba8f9dda9..62fc5e7a9acf 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -476,7 +476,6 @@ struct key_type key_type_ceph = {
        .preparse       = ceph_key_preparse,
        .free_preparse  = ceph_key_free_preparse,
        .instantiate    = generic_key_instantiate,
-        .match          = user_match,
        .destroy        = ceph_key_destroy,
 };
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index f380b2c58178..31cd4fd75486 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -176,11 +176,11 @@ static void dns_resolver_free_preparse(struct key_preparsed_payload *prep)
 * The domain name may be a simple name or an absolute domain name (which
 * should end with a period).  The domain name is case-independent.
 */
-static int
+static bool dns_resolver_cmp(const struct key *key,
-dns_resolver_match(const struct key *key, const void *description)
+                             const struct key_match_data *match_data)
 {
        int slen, dlen, ret = 0;
-        const char *src = key->description, *dsp = description;
+        const char *src = key->description, *dsp = match_data->raw_data;
        kenter("%s,%s", src, dsp);
@@ -209,6 +209,16 @@ no_match:
 }
 /*
+ * Preparse the match criterion.
+ */
+static int dns_resolver_match_preparse(struct key_match_data *match_data)
+{
+        match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
+        match_data->cmp = dns_resolver_cmp;
+        return 0;
+}
+/*
 * Describe a DNS key
 */
 static void dns_resolver_describe(const struct key *key, struct seq_file *m)
@@ -242,7 +252,7 @@ struct key_type key_type_dns_resolver = {
        .preparse       = dns_resolver_preparse,
        .free_preparse  = dns_resolver_free_preparse,
        .instantiate    = generic_key_instantiate,
-        .match          = dns_resolver_match,
+        .match_preparse = dns_resolver_match_preparse,
        .revoke         = user_revoke,
        .destroy        = user_destroy,
        .describe       = dns_resolver_describe,
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index 1b24191167f1..db0f39f5ef96 100644
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -44,7 +44,6 @@ struct key_type key_type_rxrpc = {
        .preparse       = rxrpc_preparse,
        .free_preparse  = rxrpc_free_preparse,
        .instantiate    = generic_key_instantiate,
-        .match          = user_match,
        .destroy        = rxrpc_destroy,
        .describe       = rxrpc_describe,
        .read           = rxrpc_read,
@@ -61,7 +60,6 @@ struct key_type key_type_rxrpc_s = {
        .preparse       = rxrpc_preparse_s,
        .free_preparse  = rxrpc_free_preparse_s,
        .instantiate    = generic_key_instantiate,
-        .match          = user_match,
        .destroy        = rxrpc_destroy_s,
        .describe       = rxrpc_describe,
 };
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-10-12 10:13:55 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-10-12 10:13:55 -0400
commit	5e40d331bd72447197f26525f21711c4a265b6a6 (patch)
tree	cfbf5efba46b0c5c5b3c8149395f721eab839945 /net
parent	d0ca47575ab3b41bb7f0fe5feec13c6cddb2913a (diff)
parent	594081ee7145cc30a3977cb4e218f81213b63dc5 (diff)