diff options
author | David Howells <dhowells@redhat.com> | 2006-03-25 06:06:52 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 11:22:50 -0500 |
commit | 1d9b7d97d6661edb44ce08f17e47c66d4ac20e34 (patch) | |
tree | aacf3d99c547d94e4fb1bbeb2a4eb887301c2319 /security/keys | |
parent | 3dccff8dc00994428777f483922058c554db85bd (diff) |
[PATCH] Keys: Replace duplicate non-updateable keys rather than failing
Cause an attempt to add a duplicate non-updateable key (such as a keyring) to
a keyring to discard the extant copy in favour of the new one rather than
failing with EEXIST:
# do the test in an empty session
keyctl session
# create a new keyring called "a" and attach to session
keyctl newring a @s
# create another new keyring called "a" and attach to session,
# displacing the keyring added by the second command:
keyctl newring a @s
Without this patch, the third command will fail.
For updateable keys (such as those of "user" type), the update method will
still be called rather than a new key being created.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/key.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 627697181e6a..a057e3311aad 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
795 | goto error_3; | 795 | goto error_3; |
796 | } | 796 | } |
797 | 797 | ||
798 | /* search for an existing key of the same type and description in the | 798 | /* if it's possible to update this type of key, search for an existing |
799 | * destination keyring | 799 | * key of the same type and description in the destination keyring and |
800 | * update that instead if possible | ||
800 | */ | 801 | */ |
801 | key_ref = __keyring_search_one(keyring_ref, ktype, description, 0); | 802 | if (ktype->update) { |
802 | if (!IS_ERR(key_ref)) | 803 | key_ref = __keyring_search_one(keyring_ref, ktype, description, |
803 | goto found_matching_key; | 804 | 0); |
805 | if (!IS_ERR(key_ref)) | ||
806 | goto found_matching_key; | ||
807 | } | ||
804 | 808 | ||
805 | /* decide on the permissions we want */ | 809 | /* decide on the permissions we want */ |
806 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; | 810 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; |