1 files changed, 22 insertions, 40 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 86747151ee5b..68164031a74e 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -1,4 +1,4 @@
-/* request_key_auth.c: request key authorisation controlling key def
+/* Request key authorisation token key definition.
 *
 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
@@ -26,7 +26,7 @@ static void request_key_auth_destroy(struct key *);
 static long request_key_auth_read(const struct key *, char __user *, size_t);
 /*
- * the request-key authorisation key type definition
+ * The request-key authorisation key type definition.
 */
 struct key_type key_type_request_key_auth = {
        .name           = ".request_key_auth",
@@ -38,9 +38,8 @@ struct key_type key_type_request_key_auth = {
        .read           = request_key_auth_read,
 };
-/*****************************************************************************/
 /*
- * instantiate a request-key authorisation key
+ * Instantiate a request-key authorisation key.
 */
 static int request_key_auth_instantiate(struct key *key,
                                        const void *data,
@@ -48,12 +47,10 @@ static int request_key_auth_instantiate(struct key *key,
 {
        key->payload.data = (struct request_key_auth *) data;
        return 0;
+}
-} /* end request_key_auth_instantiate() */
-/*****************************************************************************/
 /*
- * reading a request-key authorisation key retrieves the callout information
+ * Describe an authorisation token.
 */
 static void request_key_auth_describe(const struct key *key,
                                      struct seq_file *m)
@@ -63,12 +60,10 @@ static void request_key_auth_describe(const struct key *key,
        seq_puts(m, "key:");
        seq_puts(m, key->description);
        seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
+}
-} /* end request_key_auth_describe() */
-/*****************************************************************************/
 /*
- * read the callout_info data
+ * Read the callout_info data (retrieves the callout information).
 * - the key's semaphore is read-locked
 */
 static long request_key_auth_read(const struct key *key,
@@ -91,13 +86,12 @@ static long request_key_auth_read(const struct key *key,
        }
        return ret;
+}
-} /* end request_key_auth_read() */
-/*****************************************************************************/
 /*
- * handle revocation of an authorisation token key
+ * Handle revocation of an authorisation token key.
- * - called with the key sem write-locked
+ *
+ * Called with the key sem write-locked.
 */
 static void request_key_auth_revoke(struct key *key)
 {
@@ -109,12 +103,10 @@ static void request_key_auth_revoke(struct key *key)
                put_cred(rka->cred);
                rka->cred = NULL;
        }
+}
-} /* end request_key_auth_revoke() */
-/*****************************************************************************/
 /*
- * destroy an instantiation authorisation token key
+ * Destroy an instantiation authorisation token key.
 */
 static void request_key_auth_destroy(struct key *key)
 {
@@ -131,13 +123,11 @@ static void request_key_auth_destroy(struct key *key)
        key_put(rka->dest_keyring);
        kfree(rka->callout_info);
        kfree(rka);
+}
-} /* end request_key_auth_destroy() */
-/*****************************************************************************/
 /*
- * create an authorisation token for /sbin/request-key or whoever to gain
+ * Create an authorisation token for /sbin/request-key or whoever to gain
- * access to the caller's security data
+ * access to the caller's security data.
 */
 struct key *request_key_auth_new(struct key *target, const void *callout_info,
                                 size_t callout_len, struct key *dest_keyring)
@@ -228,12 +218,10 @@ error_alloc:
        kfree(rka);
        kleave("= %d", ret);
        return ERR_PTR(ret);
+}
-} /* end request_key_auth_new() */
-/*****************************************************************************/
 /*
- * see if an authorisation key is associated with a particular key
+ * See if an authorisation key is associated with a particular key.
 */
 static int key_get_instantiation_authkey_match(const struct key *key,
                                               const void *_id)
@@ -242,16 +230,11 @@ static int key_get_instantiation_authkey_match(const struct key *key,
        key_serial_t id = (key_serial_t)(unsigned long) _id;
        return rka->target_key->serial == id;
+}
-} /* end key_get_instantiation_authkey_match() */
-/*****************************************************************************/
 /*
- * get the authorisation key for instantiation of a specific key if attached to
+ * Search the current process's keyrings for the authorisation key for
- * the current process's keyrings
+ * instantiation of a key.
- * - this key is inserted into a keyring and that is set as /sbin/request-key's
- *   session keyring
- * - a target_id of zero specifies any valid token
 */
 struct key *key_get_instantiation_authkey(key_serial_t target_id)
 {
@@ -278,5 +261,4 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
 error:
        return authkey;
+}
-} /* end key_get_instantiation_authkey() */

diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 86747151ee5b..68164031a74e 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c
@@ -1,4 +1,4 @@
1	/* request_key_auth.c: request key authorisation controlling key def	1	/* Request key authorisation token key definition.
2	*	2	*
3	* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.	3	* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
4	* Written by David Howells (dhowells@redhat.com)	4	* Written by David Howells (dhowells@redhat.com)
@@ -26,7 +26,7 @@ static void request_key_auth_destroy(struct key *);
26	static long request_key_auth_read(const struct key , char __user , size_t);	26	static long request_key_auth_read(const struct key , char __user , size_t);
27		27
28	/*	28	/*
29	* the request-key authorisation key type definition	29	* The request-key authorisation key type definition.
30	*/	30	*/
31	struct key_type key_type_request_key_auth = {	31	struct key_type key_type_request_key_auth = {
32	.name = ".request_key_auth",	32	.name = ".request_key_auth",
@@ -38,9 +38,8 @@ struct key_type key_type_request_key_auth = {
38	.read = request_key_auth_read,	38	.read = request_key_auth_read,
39	};	39	};
40		40
41	/*****************************************************************************/
42	/*	41	/*
43	* instantiate a request-key authorisation key	42	* Instantiate a request-key authorisation key.
44	*/	43	*/
45	static int request_key_auth_instantiate(struct key *key,	44	static int request_key_auth_instantiate(struct key *key,
46	const void *data,	45	const void *data,
@@ -48,12 +47,10 @@ static int request_key_auth_instantiate(struct key *key,
48	{	47	{
49	key->payload.data = (struct request_key_auth *) data;	48	key->payload.data = (struct request_key_auth *) data;
50	return 0;	49	return 0;
		50	}
51		51
52	} /* end request_key_auth_instantiate() */
53
54	/*****************************************************************************/
55	/*	52	/*
56	* reading a request-key authorisation key retrieves the callout information	53	* Describe an authorisation token.
57	*/	54	*/
58	static void request_key_auth_describe(const struct key *key,	55	static void request_key_auth_describe(const struct key *key,
59	struct seq_file *m)	56	struct seq_file *m)
@@ -63,12 +60,10 @@ static void request_key_auth_describe(const struct key *key,
63	seq_puts(m, "key:");	60	seq_puts(m, "key:");
64	seq_puts(m, key->description);	61	seq_puts(m, key->description);
65	seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);	62	seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
		63	}
66		64
67	} /* end request_key_auth_describe() */
68
69	/*****************************************************************************/
70	/*	65	/*
71	* read the callout_info data	66	* Read the callout_info data (retrieves the callout information).
72	* - the key's semaphore is read-locked	67	* - the key's semaphore is read-locked
73	*/	68	*/
74	static long request_key_auth_read(const struct key *key,	69	static long request_key_auth_read(const struct key *key,
@@ -91,13 +86,12 @@ static long request_key_auth_read(const struct key *key,
91	}	86	}
92		87
93	return ret;	88	return ret;
		89	}
94		90
95	} /* end request_key_auth_read() */
96
97	/*****************************************************************************/
98	/*	91	/*
99	* handle revocation of an authorisation token key	92	* Handle revocation of an authorisation token key.
100	* - called with the key sem write-locked	93	*
		94	* Called with the key sem write-locked.
101	*/	95	*/
102	static void request_key_auth_revoke(struct key *key)	96	static void request_key_auth_revoke(struct key *key)
103	{	97	{
@@ -109,12 +103,10 @@ static void request_key_auth_revoke(struct key *key)
109	put_cred(rka->cred);	103	put_cred(rka->cred);
110	rka->cred = NULL;	104	rka->cred = NULL;
111	}	105	}
		106	}
112		107
113	} /* end request_key_auth_revoke() */
114
115	/*****************************************************************************/
116	/*	108	/*
117	* destroy an instantiation authorisation token key	109	* Destroy an instantiation authorisation token key.
118	*/	110	*/
119	static void request_key_auth_destroy(struct key *key)	111	static void request_key_auth_destroy(struct key *key)
120	{	112	{
@@ -131,13 +123,11 @@ static void request_key_auth_destroy(struct key *key)
131	key_put(rka->dest_keyring);	123	key_put(rka->dest_keyring);
132	kfree(rka->callout_info);	124	kfree(rka->callout_info);
133	kfree(rka);	125	kfree(rka);
		126	}
134		127
135	} /* end request_key_auth_destroy() */
136
137	/*****************************************************************************/
138	/*	128	/*
139	* create an authorisation token for /sbin/request-key or whoever to gain	129	* Create an authorisation token for /sbin/request-key or whoever to gain
140	* access to the caller's security data	130	* access to the caller's security data.
141	*/	131	*/
142	struct key request_key_auth_new(struct key target, const void *callout_info,	132	struct key request_key_auth_new(struct key target, const void *callout_info,
143	size_t callout_len, struct key *dest_keyring)	133	size_t callout_len, struct key *dest_keyring)
@@ -228,12 +218,10 @@ error_alloc:
228	kfree(rka);	218	kfree(rka);
229	kleave("= %d", ret);	219	kleave("= %d", ret);
230	return ERR_PTR(ret);	220	return ERR_PTR(ret);
		221	}
231		222
232	} /* end request_key_auth_new() */
233
234	/*****************************************************************************/
235	/*	223	/*
236	* see if an authorisation key is associated with a particular key	224	* See if an authorisation key is associated with a particular key.
237	*/	225	*/
238	static int key_get_instantiation_authkey_match(const struct key *key,	226	static int key_get_instantiation_authkey_match(const struct key *key,
239	const void *_id)	227	const void *_id)
@@ -242,16 +230,11 @@ static int key_get_instantiation_authkey_match(const struct key *key,
242	key_serial_t id = (key_serial_t)(unsigned long) _id;	230	key_serial_t id = (key_serial_t)(unsigned long) _id;
243		231
244	return rka->target_key->serial == id;	232	return rka->target_key->serial == id;
		233	}
245		234
246	} /* end key_get_instantiation_authkey_match() */
247
248	/*****************************************************************************/
249	/*	235	/*
250	* get the authorisation key for instantiation of a specific key if attached to	236	* Search the current process's keyrings for the authorisation key for
251	* the current process's keyrings	237	* instantiation of a key.
252	* - this key is inserted into a keyring and that is set as /sbin/request-key's
253	* session keyring
254	* - a target_id of zero specifies any valid token
255	*/	238	*/
256	struct key *key_get_instantiation_authkey(key_serial_t target_id)	239	struct key *key_get_instantiation_authkey(key_serial_t target_id)
257	{	240	{
@@ -278,5 +261,4 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
278		261
279	error:	262	error:
280	return authkey;	263	return authkey;
281		264	}
282	} /* end key_get_instantiation_authkey() */