diff options
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/internal.h | 1 | ||||
| -rw-r--r-- | security/keys/keyring.c | 3 | ||||
| -rw-r--r-- | security/keys/request_key.c | 3 |
3 files changed, 5 insertions, 2 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h index b8960c4959a5..200e37867336 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
| @@ -117,6 +117,7 @@ struct keyring_search_context { | |||
| 117 | #define KEYRING_SEARCH_NO_UPDATE_TIME 0x0004 /* Don't update times */ | 117 | #define KEYRING_SEARCH_NO_UPDATE_TIME 0x0004 /* Don't update times */ |
| 118 | #define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */ | 118 | #define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */ |
| 119 | #define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */ | 119 | #define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */ |
| 120 | #define KEYRING_SEARCH_SKIP_EXPIRED 0x0020 /* Ignore expired keys (intention to replace) */ | ||
| 120 | 121 | ||
| 121 | int (*iterator)(const void *object, void *iterator_data); | 122 | int (*iterator)(const void *object, void *iterator_data); |
| 122 | 123 | ||
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 238aa172f25b..e72548b5897e 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -546,7 +546,8 @@ static int keyring_search_iterator(const void *object, void *iterator_data) | |||
| 546 | } | 546 | } |
| 547 | 547 | ||
| 548 | if (key->expiry && ctx->now.tv_sec >= key->expiry) { | 548 | if (key->expiry && ctx->now.tv_sec >= key->expiry) { |
| 549 | ctx->result = ERR_PTR(-EKEYEXPIRED); | 549 | if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) |
| 550 | ctx->result = ERR_PTR(-EKEYEXPIRED); | ||
| 550 | kleave(" = %d [expire]", ctx->skipped_ret); | 551 | kleave(" = %d [expire]", ctx->skipped_ret); |
| 551 | goto skipped; | 552 | goto skipped; |
| 552 | } | 553 | } |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 0bb23f98e4ca..0c7aea4dea54 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -516,7 +516,8 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 516 | .match_data.cmp = key_default_cmp, | 516 | .match_data.cmp = key_default_cmp, |
| 517 | .match_data.raw_data = description, | 517 | .match_data.raw_data = description, |
| 518 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | 518 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
| 519 | .flags = KEYRING_SEARCH_DO_STATE_CHECK, | 519 | .flags = (KEYRING_SEARCH_DO_STATE_CHECK | |
| 520 | KEYRING_SEARCH_SKIP_EXPIRED), | ||
| 520 | }; | 521 | }; |
| 521 | struct key *key; | 522 | struct key *key; |
| 522 | key_ref_t key_ref; | 523 | key_ref_t key_ref; |