author | David Howells <dhowells@redhat.com> | 2008-04-29 04:01:24 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:16 -0400 |
commit | 4a38e122e2cc6294779021ff4ccc784a3997059e (patch) | |
tree | 84b401b44e0550b04f831d98a91eacfd7cffb51d /security/keys/request_key.c | |
parent | dceba9944181b1fd5993417b5c8fa0e3dda38f8d (diff) |
keys: allow the callout data to be passed as a blob rather than a string
Allow the callout data to be passed as a blob rather than a string for
internal kernel services that call any request_key_*() interface other than
request_key(). request_key() itself still takes a NUL-terminated string.
The functions that change are:
request_key_with_auxdata()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Paul Moore <paul.moore@hp.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/keys/request_key.c')
-rw-r--r-- | security/keys/request_key.c | 49 |
1 files changed, 30 insertions, 19 deletions
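diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 5ecc5057fb54..a3f94c60692d 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -161,21 +161,22 @@ error_alloc:
 * call out to userspace for key construction
 * - we ignore program failure and go on key status instead
 */
-static int construct_key(struct key *key, const char *callout_info, void *aux)
+static int construct_key(struct key *key, const void *callout_info,
+size_t callout_len, void *aux)
 {
 struct key_construction *cons;
 request_key_actor_t actor;
 struct key *authkey;
 int ret;
 
-kenter("%d,%s,%p", key->serial, callout_info, aux);
+kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 
 cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 if (!cons)
 return -ENOMEM;
 
 /* allocate an authorisation key */
-authkey = request_key_auth_new(key, callout_info);
+authkey = request_key_auth_new(key, callout_info, callout_len);
 if (IS_ERR(authkey)) {
 kfree(cons);
 ret = PTR_ERR(authkey);
@@ -331,6 +332,7 @@ alloc_failed:
 static struct key *construct_key_and_link(struct key_type *type,
 const char *description,
 const char *callout_info,
+size_t callout_len,
 void *aux,
 struct key *dest_keyring,
 unsigned long flags)
@@ -348,7 +350,7 @@ static struct key *construct_key_and_link(struct key_type *type,
 key_user_put(user);
 
 if (ret == 0) {
-ret = construct_key(key, callout_info, aux);
+ret = construct_key(key, callout_info, callout_len, aux);
 if (ret < 0)
 goto construction_failed;
 }
@@ -370,7 +372,8 @@ construction_failed:
 */
 struct key *request_key_and_link(struct key_type *type,
 const char *description,
-const char *callout_info,
+const void *callout_info,
+size_t callout_len,
 void *aux,
 struct key *dest_keyring,
 unsigned long flags)
@@ -378,8 +381,8 @@ struct key *request_key_and_link(struct key_type *type,
 struct key *key;
 key_ref_t key_ref;
 
-kenter("%s,%s,%s,%p,%p,%lx",
-type->name, description, callout_info, aux,
+kenter("%s,%s,%p,%zu,%p,%p,%lx",
+type->name, description, callout_info, callout_len, aux,
 dest_keyring, flags);
 
 /* search all the process keyrings for a key */
@@ -398,7 +401,8 @@ struct key *request_key_and_link(struct key_type *type,
 goto error;
 
 key = construct_key_and_link(type, description, callout_info,
-aux, dest_keyring, flags);
+callout_len, aux, dest_keyring,
+flags);
 }
 
 error:
@@ -434,10 +438,13 @@ struct key *request_key(struct key_type *type,
 const char *callout_info)
 {
 struct key *key;
+size_t callout_len = 0;
 int ret;
 
-key = request_key_and_link(type, description, callout_info, NULL,
-NULL, KEY_ALLOC_IN_QUOTA);
+if (callout_info)
+callout_len = strlen(callout_info);
+key = request_key_and_link(type, description, callout_info, callout_len,
+NULL, NULL, KEY_ALLOC_IN_QUOTA);
 if (!IS_ERR(key)) {
 ret = wait_for_key_construction(key, false);
 if (ret < 0) {
@@ -458,14 +465,15 @@ EXPORT_SYMBOL(request_key);
 */
 struct key *request_key_with_auxdata(struct key_type *type,
 const char *description,
-const char *callout_info,
+const void *callout_info,
+size_t callout_len,
 void *aux)
 {
 struct key *key;
 int ret;
 
-key = request_key_and_link(type, description, callout_info, aux,
-NULL, KEY_ALLOC_IN_QUOTA);
+key = request_key_and_link(type, description, callout_info, callout_len,
+aux, NULL, KEY_ALLOC_IN_QUOTA);
 if (!IS_ERR(key)) {
 ret = wait_for_key_construction(key, false);
 if (ret < 0) {
@@ -485,10 +493,12 @@ EXPORT_SYMBOL(request_key_with_auxdata);
 */
 struct key *request_key_async(struct key_type *type,
 const char *description,
-const char *callout_info)
+const void *callout_info,
+size_t callout_len)
 {
-return request_key_and_link(type, description, callout_info, NULL,
-NULL, KEY_ALLOC_IN_QUOTA);
+return request_key_and_link(type, description, callout_info,
+callout_len, NULL, NULL,
+KEY_ALLOC_IN_QUOTA);
 }
 EXPORT_SYMBOL(request_key_async);
 
@@ -500,10 +510,11 @@ EXPORT_SYMBOL(request_key_async);
 */
 struct key *request_key_async_with_auxdata(struct key_type *type,
 const char *description,
-const char *callout_info,
+const void *callout_info,
+size_t callout_len,
 void *aux)
 {
-return request_key_and_link(type, description, callout_info, aux,
-NULL, KEY_ALLOC_IN_QUOTA);
+return request_key_and_link(type, description, callout_info,
+callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 }
 EXPORT_SYMBOL(request_key_async_with_auxdata);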
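Review bot: The three exported blob variants (request_key_with_auxdata(), request_key_async(), request_key_async_with_auxdata()) pass the caller's pointer and `callout_len` straight through request_key_and_link() and construct_key() to request_key_auth_new() with no check that the two agree, so a NULL `callout_info` paired with a non-zero length is not rejected anywhere in the visible code. request_key() avoids this because it derives the length itself with `if (callout_info) callout_len = strlen(callout_info);`; request_key_auth_new() is not shown here, but it presumably copies `callout_len` bytes from the pointer. I would either normalise once at the top of request_key_and_link() with `if (!callout_info) callout_len = 0;` or state the contract in the header comment of each exported function, e.g. `/* callout_info may be NULL only when callout_len is 0; the blob need not be NUL-terminated */`. Separately, construct_key_and_link() still declares `const char *callout_info` while every other function in the chain moved to `const void *`, and should be changed to match. The bodies of all these functions start or end outside the hunks shown.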