diff options
| author | David Howells <dhowells@redhat.com> | 2008-04-29 04:01:24 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:16 -0400 |
| commit | 4a38e122e2cc6294779021ff4ccc784a3997059e (patch) | |
| tree | 84b401b44e0550b04f831d98a91eacfd7cffb51d /security/keys/request_key.c | |
| parent | dceba9944181b1fd5993417b5c8fa0e3dda38f8d (diff) | |
keys: allow the callout data to be passed as a blob rather than a string
Allow the callout data to be passed as a blob rather than a string for
internal kernel services that call any request_key_*() interface other than
request_key(). request_key() itself still takes a NUL-terminated string.
The functions that change are:
request_key_with_auxdata()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Paul Moore <paul.moore@hp.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/keys/request_key.c')
| -rw-r--r-- | security/keys/request_key.c | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 5ecc5057fb54..a3f94c60692d 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -161,21 +161,22 @@ error_alloc: | |||
| 161 | * call out to userspace for key construction | 161 | * call out to userspace for key construction |
| 162 | * - we ignore program failure and go on key status instead | 162 | * - we ignore program failure and go on key status instead |
| 163 | */ | 163 | */ |
| 164 | static int construct_key(struct key *key, const char *callout_info, void *aux) | 164 | static int construct_key(struct key *key, const void *callout_info, |
| 165 | size_t callout_len, void *aux) | ||
| 165 | { | 166 | { |
| 166 | struct key_construction *cons; | 167 | struct key_construction *cons; |
| 167 | request_key_actor_t actor; | 168 | request_key_actor_t actor; |
| 168 | struct key *authkey; | 169 | struct key *authkey; |
| 169 | int ret; | 170 | int ret; |
| 170 | 171 | ||
| 171 | kenter("%d,%s,%p", key->serial, callout_info, aux); | 172 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
| 172 | 173 | ||
| 173 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); | 174 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); |
| 174 | if (!cons) | 175 | if (!cons) |
| 175 | return -ENOMEM; | 176 | return -ENOMEM; |
| 176 | 177 | ||
| 177 | /* allocate an authorisation key */ | 178 | /* allocate an authorisation key */ |
| 178 | authkey = request_key_auth_new(key, callout_info); | 179 | authkey = request_key_auth_new(key, callout_info, callout_len); |
| 179 | if (IS_ERR(authkey)) { | 180 | if (IS_ERR(authkey)) { |
| 180 | kfree(cons); | 181 | kfree(cons); |
| 181 | ret = PTR_ERR(authkey); | 182 | ret = PTR_ERR(authkey); |
| @@ -331,6 +332,7 @@ alloc_failed: | |||
| 331 | static struct key *construct_key_and_link(struct key_type *type, | 332 | static struct key *construct_key_and_link(struct key_type *type, |
| 332 | const char *description, | 333 | const char *description, |
| 333 | const char *callout_info, | 334 | const char *callout_info, |
| 335 | size_t callout_len, | ||
| 334 | void *aux, | 336 | void *aux, |
| 335 | struct key *dest_keyring, | 337 | struct key *dest_keyring, |
| 336 | unsigned long flags) | 338 | unsigned long flags) |
| @@ -348,7 +350,7 @@ static struct key *construct_key_and_link(struct key_type *type, | |||
| 348 | key_user_put(user); | 350 | key_user_put(user); |
| 349 | 351 | ||
| 350 | if (ret == 0) { | 352 | if (ret == 0) { |
| 351 | ret = construct_key(key, callout_info, aux); | 353 | ret = construct_key(key, callout_info, callout_len, aux); |
| 352 | if (ret < 0) | 354 | if (ret < 0) |
| 353 | goto construction_failed; | 355 | goto construction_failed; |
| 354 | } | 356 | } |
| @@ -370,7 +372,8 @@ construction_failed: | |||
| 370 | */ | 372 | */ |
| 371 | struct key *request_key_and_link(struct key_type *type, | 373 | struct key *request_key_and_link(struct key_type *type, |
| 372 | const char *description, | 374 | const char *description, |
| 373 | const char *callout_info, | 375 | const void *callout_info, |
| 376 | size_t callout_len, | ||
| 374 | void *aux, | 377 | void *aux, |
| 375 | struct key *dest_keyring, | 378 | struct key *dest_keyring, |
| 376 | unsigned long flags) | 379 | unsigned long flags) |
| @@ -378,8 +381,8 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 378 | struct key *key; | 381 | struct key *key; |
| 379 | key_ref_t key_ref; | 382 | key_ref_t key_ref; |
| 380 | 383 | ||
| 381 | kenter("%s,%s,%s,%p,%p,%lx", | 384 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
| 382 | type->name, description, callout_info, aux, | 385 | type->name, description, callout_info, callout_len, aux, |
| 383 | dest_keyring, flags); | 386 | dest_keyring, flags); |
| 384 | 387 | ||
| 385 | /* search all the process keyrings for a key */ | 388 | /* search all the process keyrings for a key */ |
| @@ -398,7 +401,8 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 398 | goto error; | 401 | goto error; |
| 399 | 402 | ||
| 400 | key = construct_key_and_link(type, description, callout_info, | 403 | key = construct_key_and_link(type, description, callout_info, |
| 401 | aux, dest_keyring, flags); | 404 | callout_len, aux, dest_keyring, |
| 405 | flags); | ||
| 402 | } | 406 | } |
| 403 | 407 | ||
| 404 | error: | 408 | error: |
| @@ -434,10 +438,13 @@ struct key *request_key(struct key_type *type, | |||
| 434 | const char *callout_info) | 438 | const char *callout_info) |
| 435 | { | 439 | { |
| 436 | struct key *key; | 440 | struct key *key; |
| 441 | size_t callout_len = 0; | ||
| 437 | int ret; | 442 | int ret; |
| 438 | 443 | ||
| 439 | key = request_key_and_link(type, description, callout_info, NULL, | 444 | if (callout_info) |
| 440 | NULL, KEY_ALLOC_IN_QUOTA); | 445 | callout_len = strlen(callout_info); |
| 446 | key = request_key_and_link(type, description, callout_info, callout_len, | ||
| 447 | NULL, NULL, KEY_ALLOC_IN_QUOTA); | ||
| 441 | if (!IS_ERR(key)) { | 448 | if (!IS_ERR(key)) { |
| 442 | ret = wait_for_key_construction(key, false); | 449 | ret = wait_for_key_construction(key, false); |
| 443 | if (ret < 0) { | 450 | if (ret < 0) { |
| @@ -458,14 +465,15 @@ EXPORT_SYMBOL(request_key); | |||
| 458 | */ | 465 | */ |
| 459 | struct key *request_key_with_auxdata(struct key_type *type, | 466 | struct key *request_key_with_auxdata(struct key_type *type, |
| 460 | const char *description, | 467 | const char *description, |
| 461 | const char *callout_info, | 468 | const void *callout_info, |
| 469 | size_t callout_len, | ||
| 462 | void *aux) | 470 | void *aux) |
| 463 | { | 471 | { |
| 464 | struct key *key; | 472 | struct key *key; |
| 465 | int ret; | 473 | int ret; |
| 466 | 474 | ||
| 467 | key = request_key_and_link(type, description, callout_info, aux, | 475 | key = request_key_and_link(type, description, callout_info, callout_len, |
| 468 | NULL, KEY_ALLOC_IN_QUOTA); | 476 | aux, NULL, KEY_ALLOC_IN_QUOTA); |
| 469 | if (!IS_ERR(key)) { | 477 | if (!IS_ERR(key)) { |
| 470 | ret = wait_for_key_construction(key, false); | 478 | ret = wait_for_key_construction(key, false); |
| 471 | if (ret < 0) { | 479 | if (ret < 0) { |
| @@ -485,10 +493,12 @@ EXPORT_SYMBOL(request_key_with_auxdata); | |||
| 485 | */ | 493 | */ |
| 486 | struct key *request_key_async(struct key_type *type, | 494 | struct key *request_key_async(struct key_type *type, |
| 487 | const char *description, | 495 | const char *description, |
| 488 | const char *callout_info) | 496 | const void *callout_info, |
| 497 | size_t callout_len) | ||
| 489 | { | 498 | { |
| 490 | return request_key_and_link(type, description, callout_info, NULL, | 499 | return request_key_and_link(type, description, callout_info, |
| 491 | NULL, KEY_ALLOC_IN_QUOTA); | 500 | callout_len, NULL, NULL, |
| 501 | KEY_ALLOC_IN_QUOTA); | ||
| 492 | } | 502 | } |
| 493 | EXPORT_SYMBOL(request_key_async); | 503 | EXPORT_SYMBOL(request_key_async); |
| 494 | 504 | ||
| @@ -500,10 +510,11 @@ EXPORT_SYMBOL(request_key_async); | |||
| 500 | */ | 510 | */ |
| 501 | struct key *request_key_async_with_auxdata(struct key_type *type, | 511 | struct key *request_key_async_with_auxdata(struct key_type *type, |
| 502 | const char *description, | 512 | const char *description, |
| 503 | const char *callout_info, | 513 | const void *callout_info, |
| 514 | size_t callout_len, | ||
| 504 | void *aux) | 515 | void *aux) |
| 505 | { | 516 | { |
| 506 | return request_key_and_link(type, description, callout_info, aux, | 517 | return request_key_and_link(type, description, callout_info, |
| 507 | NULL, KEY_ALLOC_IN_QUOTA); | 518 | callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); |
| 508 | } | 519 | } |
| 509 | EXPORT_SYMBOL(request_key_async_with_auxdata); | 520 | EXPORT_SYMBOL(request_key_async_with_auxdata); |