aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/keys/user-type.h3
-rw-r--r--security/keys/internal.h1
-rw-r--r--security/keys/key.c1
-rw-r--r--security/keys/user_defined.c37
4 files changed, 41 insertions, 1 deletions
diff --git a/include/keys/user-type.h b/include/keys/user-type.h
index c37c34275a44..bc9ec1d7698c 100644
--- a/include/keys/user-type.h
+++ b/include/keys/user-type.h
@@ -17,7 +17,7 @@
17 17
18/*****************************************************************************/ 18/*****************************************************************************/
19/* 19/*
20 * the payload for a key of type "user" 20 * the payload for a key of type "user" or "logon"
21 * - once filled in and attached to a key: 21 * - once filled in and attached to a key:
22 * - the payload struct is invariant may not be changed, only replaced 22 * - the payload struct is invariant may not be changed, only replaced
23 * - the payload must be read with RCU procedures or with the key semaphore 23 * - the payload must be read with RCU procedures or with the key semaphore
@@ -33,6 +33,7 @@ struct user_key_payload {
33}; 33};
34 34
35extern struct key_type key_type_user; 35extern struct key_type key_type_user;
36extern struct key_type key_type_logon;
36 37
37extern int user_instantiate(struct key *key, const void *data, size_t datalen); 38extern int user_instantiate(struct key *key, const void *data, size_t datalen);
38extern int user_update(struct key *key, const void *data, size_t datalen); 39extern int user_update(struct key *key, const void *data, size_t datalen);
diff --git a/security/keys/internal.h b/security/keys/internal.h
index c7a7caec4830..65647f825584 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -33,6 +33,7 @@
33 33
34extern struct key_type key_type_dead; 34extern struct key_type key_type_dead;
35extern struct key_type key_type_user; 35extern struct key_type key_type_user;
36extern struct key_type key_type_logon;
36 37
37/*****************************************************************************/ 38/*****************************************************************************/
38/* 39/*
diff --git a/security/keys/key.c b/security/keys/key.c
index 4f64c7267afb..7ada8019be1f 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -999,6 +999,7 @@ void __init key_init(void)
999 list_add_tail(&key_type_keyring.link, &key_types_list); 999 list_add_tail(&key_type_keyring.link, &key_types_list);
1000 list_add_tail(&key_type_dead.link, &key_types_list); 1000 list_add_tail(&key_type_dead.link, &key_types_list);
1001 list_add_tail(&key_type_user.link, &key_types_list); 1001 list_add_tail(&key_type_user.link, &key_types_list);
1002 list_add_tail(&key_type_logon.link, &key_types_list);
1002 1003
1003 /* record the root user tracking */ 1004 /* record the root user tracking */
1004 rb_link_node(&root_key_user.node, 1005 rb_link_node(&root_key_user.node,
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 69ff52c08e97..6e1a6276649f 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -18,6 +18,8 @@
18#include <asm/uaccess.h> 18#include <asm/uaccess.h>
19#include "internal.h" 19#include "internal.h"
20 20
21static int logon_vet_description(const char *desc);
22
21/* 23/*
22 * user defined keys take an arbitrary string as the description and an 24 * user defined keys take an arbitrary string as the description and an
23 * arbitrary blob of data as the payload 25 * arbitrary blob of data as the payload
@@ -36,6 +38,24 @@ struct key_type key_type_user = {
36EXPORT_SYMBOL_GPL(key_type_user); 38EXPORT_SYMBOL_GPL(key_type_user);
37 39
38/* 40/*
41 * This key type is essentially the same as key_type_user, but it does
42 * not define a .read op. This is suitable for storing username and
43 * password pairs in the keyring that you do not want to be readable
44 * from userspace.
45 */
46struct key_type key_type_logon = {
47 .name = "logon",
48 .instantiate = user_instantiate,
49 .update = user_update,
50 .match = user_match,
51 .revoke = user_revoke,
52 .destroy = user_destroy,
53 .describe = user_describe,
54 .vet_description = logon_vet_description,
55};
56EXPORT_SYMBOL_GPL(key_type_logon);
57
58/*
39 * instantiate a user defined key 59 * instantiate a user defined key
40 */ 60 */
41int user_instantiate(struct key *key, const void *data, size_t datalen) 61int user_instantiate(struct key *key, const void *data, size_t datalen)
@@ -189,3 +209,20 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
189} 209}
190 210
191EXPORT_SYMBOL_GPL(user_read); 211EXPORT_SYMBOL_GPL(user_read);
212
213/* Vet the description for a "logon" key */
214static int logon_vet_description(const char *desc)
215{
216 char *p;
217
218 /* require a "qualified" description string */
219 p = strchr(desc, ':');
220 if (!p)
221 return -EINVAL;
222
223 /* also reject description with ':' as first char */
224 if (p == desc)
225 return -EINVAL;
226
227 return 0;
228}