aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-03-25 06:06:52 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 11:22:50 -0500
commit1d9b7d97d6661edb44ce08f17e47c66d4ac20e34 (patch)
treeaacf3d99c547d94e4fb1bbeb2a4eb887301c2319 /security/keys
parent3dccff8dc00994428777f483922058c554db85bd (diff)
[PATCH] Keys: Replace duplicate non-updateable keys rather than failing
Cause an attempt to add a duplicate non-updateable key (such as a keyring) to a keyring to discard the extant copy in favour of the new one rather than failing with EEXIST: # do the test in an empty session keyctl session # create a new keyring called "a" and attach to session keyctl newring a @s # create another new keyring called "a" and attach to session, # displacing the keyring added by the second command: keyctl newring a @s Without this patch, the third command will fail. For updateable keys (such as those of "user" type), the update method will still be called rather than a new key being created. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/key.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 627697181e6a..a057e3311aad 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
795 goto error_3; 795 goto error_3;
796 } 796 }
797 797
798 /* search for an existing key of the same type and description in the 798 /* if it's possible to update this type of key, search for an existing
799 * destination keyring 799 * key of the same type and description in the destination keyring and
800 * update that instead if possible
800 */ 801 */
801 key_ref = __keyring_search_one(keyring_ref, ktype, description, 0); 802 if (ktype->update) {
802 if (!IS_ERR(key_ref)) 803 key_ref = __keyring_search_one(keyring_ref, ktype, description,
803 goto found_matching_key; 804 0);
805 if (!IS_ERR(key_ref))
806 goto found_matching_key;
807 }
804 808
805 /* decide on the permissions we want */ 809 /* decide on the permissions we want */
806 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 810 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;