authorLinus Torvalds <torvalds@linux-foundation.org>2014-10-12 10:13:55 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2014-10-12 10:13:55 -0400
commit5e40d331bd72447197f26525f21711c4a265b6a6 (patch)
treecfbf5efba46b0c5c5b3c8149395f721eab839945 /security/keys
parentd0ca47575ab3b41bb7f0fe5feec13c6cddb2913a (diff)
parent594081ee7145cc30a3977cb4e218f81213b63dc5 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris. Mostly ima, selinux, smack and key handling updates. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits) integrity: do zero padding of the key id KEYS: output last portion of fingerprint in /proc/keys KEYS: strip 'id:' from ca_keyid KEYS: use swapped SKID for performing partial matching KEYS: Restore partial ID matching functionality for asymmetric keys X.509: If available, use the raw subjKeyId to form the key description KEYS: handle error code encoded in pointer selinux: normalize audit log formatting selinux: cleanup error reporting in selinux_nlmsg_perm() KEYS: Check hex2bin()'s return when generating an asymmetric key ID ima: detect violations for mmaped files ima: fix race condition on ima_rdwr_violation_check and process_measurement ima: added ima_policy_flag variable ima: return an error code from ima_add_boot_aggregate() ima: provide 'ima_appraise=log' kernel option ima: move keyring initialization to ima_init() PKCS#7: Handle PKCS#7 messages that contain no X.509 certs PKCS#7: Better handling of unsupported crypto KEYS: Overhaul key identification when searching for asymmetric keys KEYS: Implement binary asymmetric key ID handling ...
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/big_key.c2
-rw-r--r--security/keys/encrypted-keys/encrypted.c1
-rw-r--r--security/keys/internal.h21
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/keyctl.c2
-rw-r--r--security/keys/keyring.c58
-rw-r--r--security/keys/proc.c8
-rw-r--r--security/keys/process_keys.c13
-rw-r--r--security/keys/request_key.c21
-rw-r--r--security/keys/request_key_auth.c10
-rw-r--r--security/keys/trusted.c1
-rw-r--r--security/keys/user_defined.c14
12 files changed, 82 insertions, 71 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index c2f91a0cf889..b6adb94f6d52 100644
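--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -33,11 +33,9 @@ MODULE_LICENSE("GPL");
  */
 struct key_type key_type_big_key = {
  .name = "big_key",
- .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  .preparse = big_key_preparse,
  .free_preparse = big_key_free_preparse,
  .instantiate = generic_key_instantiate,
- .match = user_match,
  .revoke = big_key_revoke,
  .destroy = big_key_destroy,
  .describe = big_key_describe,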
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 5fe443d120af..db9675db1026 100644
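--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -970,7 +970,6 @@ struct key_type key_type_encrypted = {
  .name = "encrypted",
  .instantiate = encrypted_instantiate,
  .update = encrypted_update,
- .match = user_match,
  .destroy = encrypted_destroy,
  .describe = user_describe,
  .read = encrypted_read,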
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 5f20da01fd8d..b8960c4959a5 100644
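--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -107,20 +107,16 @@ extern int iterate_over_keyring(const struct key *keyring,
  int (*func)(const struct key *key, void *data),
  void *data);
 
-typedef int (*key_match_func_t)(const struct key *, const void *);
-
 struct keyring_search_context {
  struct keyring_index_key index_key;
  const struct cred *cred;
- key_match_func_t match;
- const void *match_data;
+ struct key_match_data match_data;
  unsigned flags;
-#define KEYRING_SEARCH_LOOKUP_TYPE 0x0001 /* [as type->def_lookup_type] */
-#define KEYRING_SEARCH_NO_STATE_CHECK 0x0002 /* Skip state checks */
-#define KEYRING_SEARCH_DO_STATE_CHECK 0x0004 /* Override NO_STATE_CHECK */
-#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0008 /* Don't update times */
-#define KEYRING_SEARCH_NO_CHECK_PERM 0x0010 /* Don't check permissions */
-#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0020 /* Give an error on excessive depth */
+#define KEYRING_SEARCH_NO_STATE_CHECK 0x0001 /* Skip state checks */
+#define KEYRING_SEARCH_DO_STATE_CHECK 0x0002 /* Override NO_STATE_CHECK */
+#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0004 /* Don't update times */
+#define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */
+#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */
 
  int (*iterator)(const void *object, void *iterator_data);
 
@@ -131,6 +127,8 @@ struct keyring_search_context {
  struct timespec now;
 };
 
+extern bool key_default_cmp(const struct key *key,
+ const struct key_match_data *match_data);
 extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
  struct keyring_search_context *ctx);
 
@@ -152,7 +150,8 @@ extern struct key *request_key_and_link(struct key_type *type,
  struct key *dest_keyring,
  unsigned long flags);
 
-extern int lookup_user_key_possessed(const struct key *key, const void *target);
+extern bool lookup_user_key_possessed(const struct key *key,
+ const struct key_match_data *match_data);
 extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
  key_perm_t perm);
 #define KEY_LOOKUP_CREATE 0x01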
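Review bot: Bit 0x0001 of `keyring_search_context.flags` changes meaning in the first hunk: it was the KEYRING_SEARCH_LOOKUP_TYPE mask and is now KEYRING_SEARCH_NO_STATE_CHECK, with every later flag shifted down one bit. The callers shown in this diff were converted to `match_data.lookup_type`, but the diffstat is limited to security/keys, so a caller elsewhere that still ORs KEYRING_SEARCH_LOOKUP_ITERATE into `.flags` would compile cleanly and, if that constant occupies bit 0 as the old mask suggests, silently skip key state checks. A comment above the flag block would make the new contract explicit, e.g. `/* Lookup type lives in match_data.lookup_type; never OR KEYRING_SEARCH_LOOKUP_* into flags */`.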
diff --git a/security/keys/key.c b/security/keys/key.c
index 6d0cad16f002..e17ba6aefdc0 100644
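--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -799,7 +799,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
  }
 
  key_ref = ERR_PTR(-EINVAL);
- if (!index_key.type->match || !index_key.type->instantiate ||
+ if (!index_key.type->instantiate ||
  (!index_key.description && !index_key.type->preparse))
  goto error_put_type;
 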
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e26f860e5f2e..eff88a5f5d40 100644
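--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
  return ret;
  if (ret == 0 || ret >= len)
  return -EINVAL;
+ if (type[0] == '.')
+ return -EPERM;
  type[len - 1] = '\0';
  return 0;
 }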
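Review bot: The new `type[0] == '.'` rejection in key_get_type_from_user() has no comment, so the reason a userspace-supplied type name is refused with -EPERM is not recorded next to the check. Presumably names with a leading dot are reserved for kernel-internal key types; if so, say it on the line above, e.g. `/* Type names starting with '.' are reserved for in-kernel use */`. The placement looks right: the check comes after the `ret == 0` rejection, so type[0] should already hold a copied byte, though the copy call itself is outside the hunk. The function body starts before the first visible line.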
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 8314a7d2104d..8177010174f7 100644
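--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -89,7 +89,6 @@ struct key_type key_type_keyring = {
  .preparse = keyring_preparse,
  .free_preparse = keyring_free_preparse,
  .instantiate = keyring_instantiate,
- .match = user_match,
  .revoke = keyring_revoke,
  .destroy = keyring_destroy,
  .describe = keyring_describe,
@@ -512,6 +511,15 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
 EXPORT_SYMBOL(keyring_alloc);
 
 /*
+ * By default, we keys found by getting an exact match on their descriptions.
+ */
+bool key_default_cmp(const struct key *key,
+ const struct key_match_data *match_data)
+{
+ return strcmp(key->description, match_data->raw_data) == 0;
+}
+
+/*
  * Iteration function to consider each key found.
  */
 static int keyring_search_iterator(const void *object, void *iterator_data)
@@ -545,7 +553,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
  }
 
  /* keys that don't match */
- if (!ctx->match(key, ctx->match_data)) {
+ if (!ctx->match_data.cmp(key, &ctx->match_data)) {
  kleave(" = 0 [!match]");
  return 0;
  }
@@ -585,8 +593,7 @@ skipped:
  */
 static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
 {
- if ((ctx->flags & KEYRING_SEARCH_LOOKUP_TYPE) ==
- KEYRING_SEARCH_LOOKUP_DIRECT) {
+ if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) {
  const void *object;
 
  object = assoc_array_find(&keyring->keys,
@@ -627,7 +634,7 @@ static bool search_nested_keyrings(struct key *keyring,
  /* Check to see if this top-level keyring is what we are looking for
  * and whether it is valid or not.
  */
- if (ctx->flags & KEYRING_SEARCH_LOOKUP_ITERATE ||
+ if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
  keyring_compare_object(keyring, &ctx->index_key)) {
  ctx->skipped_ret = 2;
  ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
@@ -885,16 +892,25 @@ key_ref_t keyring_search(key_ref_t keyring,
  .index_key.type = type,
  .index_key.description = description,
  .cred = current_cred(),
- .match = type->match,
- .match_data = description,
- .flags = (type->def_lookup_type |
- KEYRING_SEARCH_DO_STATE_CHECK),
+ .match_data.cmp = key_default_cmp,
+ .match_data.raw_data = description,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .flags = KEYRING_SEARCH_DO_STATE_CHECK,
  };
+ key_ref_t key;
+ int ret;
 
- if (!ctx.match)
- return ERR_PTR(-ENOKEY);
+ if (type->match_preparse) {
+ ret = type->match_preparse(&ctx.match_data);
+ if (ret < 0)
+ return ERR_PTR(ret);
+ }
 
- return keyring_search_aux(keyring, &ctx);
+ key = keyring_search_aux(keyring, &ctx);
+
+ if (type->match_free)
+ type->match_free(&ctx.match_data);
+ return key;
 }
 EXPORT_SYMBOL(keyring_search);
 
@@ -1014,7 +1030,7 @@ static int keyring_detect_cycle_iterator(const void *object,
 
  /* We might get a keyring with matching index-key that is nonetheless a
  * different keyring. */
- if (key != ctx->match_data)
+ if (key != ctx->match_data.raw_data)
  return 0;
 
  ctx->result = ERR_PTR(-EDEADLK);
@@ -1031,14 +1047,14 @@ static int keyring_detect_cycle_iterator(const void *object,
 static int keyring_detect_cycle(struct key *A, struct key *B)
 {
  struct keyring_search_context ctx = {
  .index_key = A->index_key,
- .match_data = A,
- .iterator = keyring_detect_cycle_iterator,
- .flags = (KEYRING_SEARCH_LOOKUP_DIRECT |
- KEYRING_SEARCH_NO_STATE_CHECK |
+ .match_data.raw_data = A,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .iterator = keyring_detect_cycle_iterator,
+ .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
  KEYRING_SEARCH_NO_UPDATE_TIME |
  KEYRING_SEARCH_NO_CHECK_PERM |
  KEYRING_SEARCH_DETECT_TOO_DEEP),
  };
 
  rcu_read_lock();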
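Review bot: keyring_search() drops the old `if (!ctx.match) return ERR_PTR(-ENOKEY);` guard, and keyring_search_iterator() now calls `ctx->match_data.cmp(key, &ctx->match_data)` with no NULL test. That is safe while cmp stays at key_default_cmp, but `type->match_preparse(&ctx.match_data)` is handed the whole structure and its implementations are not visible here, so nothing on these lines guarantees cmp is still set when the search runs. Either document on match_preparse that it must leave cmp non-NULL, or reject a NULL cmp after the preparse call (releasing via match_free) before calling keyring_search_aux(). Separately, the comment above key_default_cmp() is missing its verb; `* By default, we find keys by getting an exact match on their descriptions.` reads as intended.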
diff --git a/security/keys/proc.c b/security/keys/proc.c
index d3f6f2fd21db..972eeb336b81 100644
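--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -194,10 +194,10 @@ static int proc_keys_show(struct seq_file *m, void *v)
  .index_key.type = key->type,
  .index_key.description = key->description,
  .cred = current_cred(),
- .match = lookup_user_key_possessed,
- .match_data = key,
- .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
- KEYRING_SEARCH_LOOKUP_DIRECT),
+ .match_data.cmp = lookup_user_key_possessed,
+ .match_data.raw_data = key,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .flags = KEYRING_SEARCH_NO_STATE_CHECK,
  };
 
  key_ref = make_key_ref(key, 0);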
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 0cf8a130a267..bd536cb221e2 100644
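--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -489,9 +489,10 @@ found:
 /*
  * See if the key we're looking at is the target key.
  */
-int lookup_user_key_possessed(const struct key *key, const void *target)
+bool lookup_user_key_possessed(const struct key *key,
+ const struct key_match_data *match_data)
 {
- return key == target;
+ return key == match_data->raw_data;
 }
 
 /*
@@ -516,9 +517,9 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
  key_perm_t perm)
 {
  struct keyring_search_context ctx = {
- .match = lookup_user_key_possessed,
- .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
- KEYRING_SEARCH_LOOKUP_DIRECT),
+ .match_data.cmp = lookup_user_key_possessed,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .flags = KEYRING_SEARCH_NO_STATE_CHECK,
  };
  struct request_key_auth *rka;
  struct key *key;
@@ -673,7 +674,7 @@ try_again:
  ctx.index_key.type = key->type;
  ctx.index_key.description = key->description;
  ctx.index_key.desc_len = strlen(key->description);
- ctx.match_data = key;
+ ctx.match_data.raw_data = key;
  kdebug("check possessed");
  skey_ref = search_process_keyrings(&ctx);
  kdebug("possessed=%p", skey_ref);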
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 26a94f18af94..bb4337c7ae1b 100644
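--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -513,9 +513,9 @@ struct key *request_key_and_link(struct key_type *type,
  .index_key.type = type,
  .index_key.description = description,
  .cred = current_cred(),
- .match = type->match,
- .match_data = description,
- .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .match_data.cmp = key_default_cmp,
+ .match_data.raw_data = description,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  };
  struct key *key;
  key_ref_t key_ref;
@@ -525,6 +525,14 @@ struct key *request_key_and_link(struct key_type *type,
  ctx.index_key.type->name, ctx.index_key.description,
  callout_info, callout_len, aux, dest_keyring, flags);
 
+ if (type->match_preparse) {
+ ret = type->match_preparse(&ctx.match_data);
+ if (ret < 0) {
+ key = ERR_PTR(ret);
+ goto error;
+ }
+ }
+
  /* search all the process keyrings for a key */
  key_ref = search_process_keyrings(&ctx);
 
@@ -537,7 +545,7 @@ struct key *request_key_and_link(struct key_type *type,
  if (ret < 0) {
  key_put(key);
  key = ERR_PTR(ret);
- goto error;
+ goto error_free;
  }
  }
  } else if (PTR_ERR(key_ref) != -EAGAIN) {
@@ -547,12 +555,15 @@ struct key *request_key_and_link(struct key_type *type,
  * should consult userspace if we can */
  key = ERR_PTR(-ENOKEY);
  if (!callout_info)
- goto error;
+ goto error_free;
 
  key = construct_key_and_link(&ctx, callout_info, callout_len,
  aux, dest_keyring, flags);
  }
 
+error_free:
+ if (type->match_free)
+ type->match_free(&ctx.match_data);
 error:
  kleave(" = %p", key);
  return key;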
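Review bot: The `error_free:` label added in the last hunk is also the normal exit, because the path after construct_key_and_link() falls through to it, so the name reads as error-only while it is really where match data is always released. A short comment above the label would keep a later `goto error` from being added after a successful match_preparse() and leaking whatever it set up, e.g. `/* Reached on success too: release match_preparse() state */`. In the visible lines only the preparse failure jumps straight to `error`, which is correct; code between the hunks is not shown, so any other `goto error` there should be checked. The function begins and ends outside these hunks.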
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 842e6f410d50..6639e2cb8853 100644
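--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -44,12 +44,12 @@ struct key_type key_type_request_key_auth = {
  .read = request_key_auth_read,
 };
 
-int request_key_auth_preparse(struct key_preparsed_payload *prep)
+static int request_key_auth_preparse(struct key_preparsed_payload *prep)
 {
  return 0;
 }
 
-void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
+static void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
 {
 }
 
@@ -246,9 +246,9 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
  .index_key.type = &key_type_request_key_auth,
  .index_key.description = description,
  .cred = current_cred(),
- .match = user_match,
- .match_data = description,
- .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .match_data.cmp = key_default_cmp,
+ .match_data.raw_data = description,
+ .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  };
  struct key *authkey;
  key_ref_t authkey_ref;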
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 6b804aa4529a..c0594cb07ada 100644
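--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1096,7 +1096,6 @@ struct key_type key_type_trusted = {
  .name = "trusted",
  .instantiate = trusted_instantiate,
  .update = trusted_update,
- .match = user_match,
  .destroy = trusted_destroy,
  .describe = user_describe,
  .read = trusted_read,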
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index eee340011f2b..36b47bbd3d8c 100644
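--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -26,12 +26,10 @@ static int logon_vet_description(const char *desc);
  */
 struct key_type key_type_user = {
  .name = "user",
- .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  .preparse = user_preparse,
  .free_preparse = user_free_preparse,
  .instantiate = generic_key_instantiate,
  .update = user_update,
- .match = user_match,
  .revoke = user_revoke,
  .destroy = user_destroy,
  .describe = user_describe,
@@ -48,12 +46,10 @@ EXPORT_SYMBOL_GPL(key_type_user);
  */
 struct key_type key_type_logon = {
  .name = "logon",
- .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  .preparse = user_preparse,
  .free_preparse = user_free_preparse,
  .instantiate = generic_key_instantiate,
  .update = user_update,
- .match = user_match,
  .revoke = user_revoke,
  .destroy = user_destroy,
  .describe = user_describe,
@@ -139,16 +135,6 @@ error:
 EXPORT_SYMBOL_GPL(user_update);
 
 /*
- * match users on their name
- */
-int user_match(const struct key *key, const void *description)
-{
- return strcmp(key->description, description) == 0;
-}
-
-EXPORT_SYMBOL_GPL(user_match);
-
-/*
  * dispose of the links from a revoked keyring
  * - called with the key sem write-locked
  */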