| keyring.c (72ed73c3f0801e860ee27e53ab6aaf47941ba324) | keyring.c (78b7280cce23293f7570ad52c1ffe1485c6d9669) |
|---|---|
| 1/* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 162 unchanged lines hidden (view full) --- 171{ 172 struct keyring_list *klist; 173 174 if (keyring->description) 175 seq_puts(m, keyring->description); 176 else 177 seq_puts(m, "[anon]"); 178 | 1/* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 162 unchanged lines hidden (view full) --- 171{ 172 struct keyring_list *klist; 173 174 if (keyring->description) 175 seq_puts(m, keyring->description); 176 else 177 seq_puts(m, "[anon]"); 178 |
| 179 rcu_read_lock(); 180 klist = rcu_dereference(keyring->payload.subscriptions); 181 if (klist) 182 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 183 else 184 seq_puts(m, ": empty"); 185 rcu_read_unlock(); | 179 if (key_is_instantiated(keyring)) { 180 rcu_read_lock(); 181 klist = rcu_dereference(keyring->payload.subscriptions); 182 if (klist) 183 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 184 else 185 seq_puts(m, ": empty"); 186 rcu_read_unlock(); 187 } |
| 186} 187 188/* 189 * Read a list of key IDs from the keyring's contents in binary form 190 * 191 * The keyring's semaphore is read-locked by the caller. 192 */ 193static long keyring_read(const struct key *keyring, --- 72 unchanged lines hidden (view full) --- 266 267/** 268 * keyring_search_aux - Search a keyring tree for a key matching some criteria 269 * @keyring_ref: A pointer to the keyring with possession indicator. 270 * @cred: The credentials to use for permissions checks. 271 * @type: The type of key to search for. 272 * @description: Parameter for @match. 273 * @match: Function to rule on whether or not a key is the one required. | 188} 189 190/* 191 * Read a list of key IDs from the keyring's contents in binary form 192 * 193 * The keyring's semaphore is read-locked by the caller. 194 */ 195static long keyring_read(const struct key *keyring, --- 72 unchanged lines hidden (view full) --- 268 269/** 270 * keyring_search_aux - Search a keyring tree for a key matching some criteria 271 * @keyring_ref: A pointer to the keyring with possession indicator. 272 * @cred: The credentials to use for permissions checks. 273 * @type: The type of key to search for. 274 * @description: Parameter for @match. 275 * @match: Function to rule on whether or not a key is the one required. |
| 276 * @no_state_check: Don't check if a matching key is bad |
|
| 274 * 275 * Search the supplied keyring tree for a key that matches the criteria given. 276 * The root keyring and any linked keyrings must grant Search permission to the 277 * caller to be searchable and keys can only be found if they too grant Search 278 * to the caller. The possession flag on the root keyring pointer controls use 279 * of the possessor bits in permissions checking of the entire tree. In 280 * addition, the LSM gets to forbid keyring searches and key matches. 281 * --- 16 unchanged lines hidden (view full) --- 298 * 299 * In the case of a successful return, the possession attribute from 300 * @keyring_ref is propagated to the returned key reference. 301 */ 302key_ref_t keyring_search_aux(key_ref_t keyring_ref, 303 const struct cred *cred, 304 struct key_type *type, 305 const void *description, | 277 * 278 * Search the supplied keyring tree for a key that matches the criteria given. 279 * The root keyring and any linked keyrings must grant Search permission to the 280 * caller to be searchable and keys can only be found if they too grant Search 281 * to the caller. The possession flag on the root keyring pointer controls use 282 * of the possessor bits in permissions checking of the entire tree. In 283 * addition, the LSM gets to forbid keyring searches and key matches. 284 * --- 16 unchanged lines hidden (view full) --- 301 * 302 * In the case of a successful return, the possession attribute from 303 * @keyring_ref is propagated to the returned key reference. 304 */ 305key_ref_t keyring_search_aux(key_ref_t keyring_ref, 306 const struct cred *cred, 307 struct key_type *type, 308 const void *description, |
| 306 key_match_func_t match) | 309 key_match_func_t match, 310 bool no_state_check) |
| 307{ 308 struct { 309 struct keyring_list *keylist; 310 int kix; 311 } stack[KEYRING_SEARCH_MAX_DEPTH]; 312 313 struct keyring_list *keylist; 314 struct timespec now; --- 25 unchanged lines hidden (view full) --- 340 sp = 0; 341 342 /* firstly we should check to see if this top-level keyring is what we 343 * are looking for */ 344 key_ref = ERR_PTR(-EAGAIN); 345 kflags = keyring->flags; 346 if (keyring->type == type && match(keyring, description)) { 347 key = keyring; | 311{ 312 struct { 313 struct keyring_list *keylist; 314 int kix; 315 } stack[KEYRING_SEARCH_MAX_DEPTH]; 316 317 struct keyring_list *keylist; 318 struct timespec now; --- 25 unchanged lines hidden (view full) --- 344 sp = 0; 345 346 /* firstly we should check to see if this top-level keyring is what we 347 * are looking for */ 348 key_ref = ERR_PTR(-EAGAIN); 349 kflags = keyring->flags; 350 if (keyring->type == type && match(keyring, description)) { 351 key = keyring; |
| 352 if (no_state_check) 353 goto found; |
|
| 348 349 /* check it isn't negative and hasn't expired or been 350 * revoked */ 351 if (kflags & (1 << KEY_FLAG_REVOKED)) 352 goto error_2; 353 if (key->expiry && now.tv_sec >= key->expiry) 354 goto error_2; 355 key_ref = ERR_PTR(key->type_data.reject_error); --- 23 unchanged lines hidden (view full) --- 379 key = keylist->keys[kix]; 380 kflags = key->flags; 381 382 /* ignore keys not of this type */ 383 if (key->type != type) 384 continue; 385 386 /* skip revoked keys and expired keys */ | 354 355 /* check it isn't negative and hasn't expired or been 356 * revoked */ 357 if (kflags & (1 << KEY_FLAG_REVOKED)) 358 goto error_2; 359 if (key->expiry && now.tv_sec >= key->expiry) 360 goto error_2; 361 key_ref = ERR_PTR(key->type_data.reject_error); --- 23 unchanged lines hidden (view full) --- 385 key = keylist->keys[kix]; 386 kflags = key->flags; 387 388 /* ignore keys not of this type */ 389 if (key->type != type) 390 continue; 391 392 /* skip revoked keys and expired keys */ |
| 387 if (kflags & (1 << KEY_FLAG_REVOKED)) 388 continue; | 393 if (!no_state_check) { 394 if (kflags & (1 << KEY_FLAG_REVOKED)) 395 continue; |
| 389 | 396 |
| 390 if (key->expiry && now.tv_sec >= key->expiry) 391 continue; | 397 if (key->expiry && now.tv_sec >= key->expiry) 398 continue; 399 } |
| 392 393 /* keys that don't match */ 394 if (!match(key, description)) 395 continue; 396 397 /* key must have search permissions */ 398 if (key_task_permission(make_key_ref(key, possessed), 399 cred, KEY_SEARCH) < 0) 400 continue; 401 | 400 401 /* keys that don't match */ 402 if (!match(key, description)) 403 continue; 404 405 /* key must have search permissions */ 406 if (key_task_permission(make_key_ref(key, possessed), 407 cred, KEY_SEARCH) < 0) 408 continue; 409 |
| 410 if (no_state_check) 411 goto found; 412 |
|
| 402 /* we set a different error code if we pass a negative key */ 403 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 404 err = key->type_data.reject_error; 405 continue; 406 } 407 408 goto found; 409 } --- 63 unchanged lines hidden (view full) --- 473key_ref_t keyring_search(key_ref_t keyring, 474 struct key_type *type, 475 const char *description) 476{ 477 if (!type->match) 478 return ERR_PTR(-ENOKEY); 479 480 return keyring_search_aux(keyring, current->cred, | 413 /* we set a different error code if we pass a negative key */ 414 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 415 err = key->type_data.reject_error; 416 continue; 417 } 418 419 goto found; 420 } --- 63 unchanged lines hidden (view full) --- 484key_ref_t keyring_search(key_ref_t keyring, 485 struct key_type *type, 486 const char *description) 487{ 488 if (!type->match) 489 return ERR_PTR(-ENOKEY); 490 491 return keyring_search_aux(keyring, current->cred, |
| 481 type, description, type->match); | 492 type, description, type->match, false); |
| 482} 483EXPORT_SYMBOL(keyring_search); 484 485/* 486 * Search the given keyring only (no recursion). 487 * 488 * The caller must guarantee that the keyring is a keyring and that the 489 * permission is granted to search the keyring as no check is made here. --- 726 unchanged lines hidden --- | 493} 494EXPORT_SYMBOL(keyring_search); 495 496/* 497 * Search the given keyring only (no recursion). 498 * 499 * The caller must guarantee that the keyring is a keyring and that the 500 * permission is granted to search the keyring as no check is made here. --- 726 unchanged lines hidden --- |