diff options
| author | David Howells <dhowells@redhat.com> | 2014-09-16 12:36:02 -0400 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2014-09-16 12:36:02 -0400 |
| commit | 462919591a1791e76042dc5c1e0148715df59beb (patch) | |
| tree | 44a60ee5f08eab18b1a69f98d993f9a47a45fece /security/keys/request_key.c | |
| parent | 53d91c5ce0cb8945b55e8bb54e551cabc51eb28d (diff) | |
KEYS: Preparse match data
Preparse the match data. This provides several advantages:
(1) The preparser can reject invalid criteria up front.
(2) The preparser can convert the criteria to binary data if necessary (the
asymmetric key type really wants to do binary comparison of the key IDs).
(3) The preparser can set the type of search to be performed. This means
that it's not then a one-off setting in the key type.
(4) The preparser can set an appropriate comparator function.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Diffstat (limited to 'security/keys/request_key.c')
| -rw-r--r-- | security/keys/request_key.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 381411941cc1..408523e5e2e2 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -531,9 +531,9 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 531 | .index_key.type = type, | 531 | .index_key.type = type, |
| 532 | .index_key.description = description, | 532 | .index_key.description = description, |
| 533 | .cred = current_cred(), | 533 | .cred = current_cred(), |
| 534 | .match = type->match, | 534 | .match_data.cmp = type->match, |
| 535 | .match_data = description, | 535 | .match_data.raw_data = description, |
| 536 | .flags = KEYRING_SEARCH_LOOKUP_DIRECT, | 536 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
| 537 | }; | 537 | }; |
| 538 | struct key *key; | 538 | struct key *key; |
| 539 | key_ref_t key_ref; | 539 | key_ref_t key_ref; |
| @@ -543,6 +543,14 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 543 | ctx.index_key.type->name, ctx.index_key.description, | 543 | ctx.index_key.type->name, ctx.index_key.description, |
| 544 | callout_info, callout_len, aux, dest_keyring, flags); | 544 | callout_info, callout_len, aux, dest_keyring, flags); |
| 545 | 545 | ||
| 546 | if (type->match_preparse) { | ||
| 547 | ret = type->match_preparse(&ctx.match_data); | ||
| 548 | if (ret < 0) { | ||
| 549 | key = ERR_PTR(ret); | ||
| 550 | goto error; | ||
| 551 | } | ||
| 552 | } | ||
| 553 | |||
| 546 | /* search all the process keyrings for a key */ | 554 | /* search all the process keyrings for a key */ |
| 547 | key_ref = search_process_keyrings(&ctx); | 555 | key_ref = search_process_keyrings(&ctx); |
| 548 | 556 | ||
| @@ -555,7 +563,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 555 | if (ret < 0) { | 563 | if (ret < 0) { |
| 556 | key_put(key); | 564 | key_put(key); |
| 557 | key = ERR_PTR(ret); | 565 | key = ERR_PTR(ret); |
| 558 | goto error; | 566 | goto error_free; |
| 559 | } | 567 | } |
| 560 | } | 568 | } |
| 561 | } else if (PTR_ERR(key_ref) != -EAGAIN) { | 569 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
| @@ -565,12 +573,15 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 565 | * should consult userspace if we can */ | 573 | * should consult userspace if we can */ |
| 566 | key = ERR_PTR(-ENOKEY); | 574 | key = ERR_PTR(-ENOKEY); |
| 567 | if (!callout_info) | 575 | if (!callout_info) |
| 568 | goto error; | 576 | goto error_free; |
| 569 | 577 | ||
| 570 | key = construct_key_and_link(&ctx, callout_info, callout_len, | 578 | key = construct_key_and_link(&ctx, callout_info, callout_len, |
| 571 | aux, dest_keyring, flags); | 579 | aux, dest_keyring, flags); |
| 572 | } | 580 | } |
| 573 | 581 | ||
| 582 | error_free: | ||
| 583 | if (type->match_free) | ||
| 584 | type->match_free(&ctx.match_data); | ||
| 574 | error: | 585 | error: |
| 575 | kleave(" = %p", key); | 586 | kleave(" = %p", key); |
| 576 | return key; | 587 | return key; |