diff options
Diffstat (limited to 'security/keys/request_key_auth.c')
| -rw-r--r-- | security/keys/request_key_auth.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index ba717b8163ab..68164031a74e 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* request_key_auth.c: request key authorisation controlling key def | 1 | /* Request key authorisation token key definition. |
| 2 | * | 2 | * |
| 3 | * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. |
| 4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
| @@ -26,7 +26,7 @@ static void request_key_auth_destroy(struct key *); | |||
| 26 | static long request_key_auth_read(const struct key *, char __user *, size_t); | 26 | static long request_key_auth_read(const struct key *, char __user *, size_t); |
| 27 | 27 | ||
| 28 | /* | 28 | /* |
| 29 | * the request-key authorisation key type definition | 29 | * The request-key authorisation key type definition. |
| 30 | */ | 30 | */ |
| 31 | struct key_type key_type_request_key_auth = { | 31 | struct key_type key_type_request_key_auth = { |
| 32 | .name = ".request_key_auth", | 32 | .name = ".request_key_auth", |
| @@ -39,7 +39,7 @@ struct key_type key_type_request_key_auth = { | |||
| 39 | }; | 39 | }; |
| 40 | 40 | ||
| 41 | /* | 41 | /* |
| 42 | * instantiate a request-key authorisation key | 42 | * Instantiate a request-key authorisation key. |
| 43 | */ | 43 | */ |
| 44 | static int request_key_auth_instantiate(struct key *key, | 44 | static int request_key_auth_instantiate(struct key *key, |
| 45 | const void *data, | 45 | const void *data, |
| @@ -50,7 +50,7 @@ static int request_key_auth_instantiate(struct key *key, | |||
| 50 | } | 50 | } |
| 51 | 51 | ||
| 52 | /* | 52 | /* |
| 53 | * reading a request-key authorisation key retrieves the callout information | 53 | * Describe an authorisation token. |
| 54 | */ | 54 | */ |
| 55 | static void request_key_auth_describe(const struct key *key, | 55 | static void request_key_auth_describe(const struct key *key, |
| 56 | struct seq_file *m) | 56 | struct seq_file *m) |
| @@ -63,7 +63,7 @@ static void request_key_auth_describe(const struct key *key, | |||
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | /* | 65 | /* |
| 66 | * read the callout_info data | 66 | * Read the callout_info data (retrieves the callout information). |
| 67 | * - the key's semaphore is read-locked | 67 | * - the key's semaphore is read-locked |
| 68 | */ | 68 | */ |
| 69 | static long request_key_auth_read(const struct key *key, | 69 | static long request_key_auth_read(const struct key *key, |
| @@ -89,8 +89,9 @@ static long request_key_auth_read(const struct key *key, | |||
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | /* | 91 | /* |
| 92 | * handle revocation of an authorisation token key | 92 | * Handle revocation of an authorisation token key. |
| 93 | * - called with the key sem write-locked | 93 | * |
| 94 | * Called with the key sem write-locked. | ||
| 94 | */ | 95 | */ |
| 95 | static void request_key_auth_revoke(struct key *key) | 96 | static void request_key_auth_revoke(struct key *key) |
| 96 | { | 97 | { |
| @@ -105,7 +106,7 @@ static void request_key_auth_revoke(struct key *key) | |||
| 105 | } | 106 | } |
| 106 | 107 | ||
| 107 | /* | 108 | /* |
| 108 | * destroy an instantiation authorisation token key | 109 | * Destroy an instantiation authorisation token key. |
| 109 | */ | 110 | */ |
| 110 | static void request_key_auth_destroy(struct key *key) | 111 | static void request_key_auth_destroy(struct key *key) |
| 111 | { | 112 | { |
| @@ -125,8 +126,8 @@ static void request_key_auth_destroy(struct key *key) | |||
| 125 | } | 126 | } |
| 126 | 127 | ||
| 127 | /* | 128 | /* |
| 128 | * create an authorisation token for /sbin/request-key or whoever to gain | 129 | * Create an authorisation token for /sbin/request-key or whoever to gain |
| 129 | * access to the caller's security data | 130 | * access to the caller's security data. |
| 130 | */ | 131 | */ |
| 131 | struct key *request_key_auth_new(struct key *target, const void *callout_info, | 132 | struct key *request_key_auth_new(struct key *target, const void *callout_info, |
| 132 | size_t callout_len, struct key *dest_keyring) | 133 | size_t callout_len, struct key *dest_keyring) |
| @@ -220,7 +221,7 @@ error_alloc: | |||
| 220 | } | 221 | } |
| 221 | 222 | ||
| 222 | /* | 223 | /* |
| 223 | * see if an authorisation key is associated with a particular key | 224 | * See if an authorisation key is associated with a particular key. |
| 224 | */ | 225 | */ |
| 225 | static int key_get_instantiation_authkey_match(const struct key *key, | 226 | static int key_get_instantiation_authkey_match(const struct key *key, |
| 226 | const void *_id) | 227 | const void *_id) |
| @@ -232,11 +233,8 @@ static int key_get_instantiation_authkey_match(const struct key *key, | |||
| 232 | } | 233 | } |
| 233 | 234 | ||
| 234 | /* | 235 | /* |
| 235 | * get the authorisation key for instantiation of a specific key if attached to | 236 | * Search the current process's keyrings for the authorisation key for |
| 236 | * the current process's keyrings | 237 | * instantiation of a key. |
| 237 | * - this key is inserted into a keyring and that is set as /sbin/request-key's | ||
| 238 | * session keyring | ||
| 239 | * - a target_id of zero specifies any valid token | ||
| 240 | */ | 238 | */ |
| 241 | struct key *key_get_instantiation_authkey(key_serial_t target_id) | 239 | struct key *key_get_instantiation_authkey(key_serial_t target_id) |
| 242 | { | 240 | { |