process_keys.c (97eb3f24352ec6632c2127b35d8087d2a809a9b9) | process_keys.c (78b7280cce23293f7570ad52c1ffe1485c6d9669) |
---|---|
1/* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 317 unchanged lines hidden (view full) --- 326 * matched negative keys. 327 * 328 * In the case of a successful return, the possession attribute is set on the 329 * returned key reference. 330 */ 331key_ref_t search_my_process_keyrings(struct key_type *type, 332 const void *description, 333 key_match_func_t match, | 1/* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 317 unchanged lines hidden (view full) --- 326 * matched negative keys. 327 * 328 * In the case of a successful return, the possession attribute is set on the 329 * returned key reference. 330 */ 331key_ref_t search_my_process_keyrings(struct key_type *type, 332 const void *description, 333 key_match_func_t match, |
334 bool no_state_check, |
|
334 const struct cred *cred) 335{ 336 key_ref_t key_ref, ret, err; 337 338 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 339 * searchable, but we failed to find a key or we found a negative key; 340 * otherwise we want to return a sample error (probably -EACCES) if 341 * none of the keyrings were searchable 342 * 343 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 344 */ 345 key_ref = NULL; 346 ret = NULL; 347 err = ERR_PTR(-EAGAIN); 348 349 /* search the thread keyring first */ 350 if (cred->thread_keyring) { 351 key_ref = keyring_search_aux( 352 make_key_ref(cred->thread_keyring, 1), | 335 const struct cred *cred) 336{ 337 key_ref_t key_ref, ret, err; 338 339 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 340 * searchable, but we failed to find a key or we found a negative key; 341 * otherwise we want to return a sample error (probably -EACCES) if 342 * none of the keyrings were searchable 343 * 344 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 345 */ 346 key_ref = NULL; 347 ret = NULL; 348 err = ERR_PTR(-EAGAIN); 349 350 /* search the thread keyring first */ 351 if (cred->thread_keyring) { 352 key_ref = keyring_search_aux( 353 make_key_ref(cred->thread_keyring, 1), |
353 cred, type, description, match); | 354 cred, type, description, match, no_state_check); |
354 if (!IS_ERR(key_ref)) 355 goto found; 356 357 switch (PTR_ERR(key_ref)) { 358 case -EAGAIN: /* no key */ 359 if (ret) 360 break; 361 case -ENOKEY: /* negative key */ --- 4 unchanged lines hidden (view full) --- 366 break; 367 } 368 } 369 370 /* search the process keyring second */ 371 if (cred->tgcred->process_keyring) { 372 key_ref = keyring_search_aux( 373 make_key_ref(cred->tgcred->process_keyring, 1), | 355 if (!IS_ERR(key_ref)) 356 goto found; 357 358 switch (PTR_ERR(key_ref)) { 359 case -EAGAIN: /* no key */ 360 if (ret) 361 break; 362 case -ENOKEY: /* negative key */ --- 4 unchanged lines hidden (view full) --- 367 break; 368 } 369 } 370 371 /* search the process keyring second */ 372 if (cred->tgcred->process_keyring) { 373 key_ref = keyring_search_aux( 374 make_key_ref(cred->tgcred->process_keyring, 1), |
374 cred, type, description, match); | 375 cred, type, description, match, no_state_check); |
375 if (!IS_ERR(key_ref)) 376 goto found; 377 378 switch (PTR_ERR(key_ref)) { 379 case -EAGAIN: /* no key */ 380 if (ret) 381 break; 382 case -ENOKEY: /* negative key */ --- 7 unchanged lines hidden (view full) --- 390 391 /* search the session keyring */ 392 if (cred->tgcred->session_keyring) { 393 rcu_read_lock(); 394 key_ref = keyring_search_aux( 395 make_key_ref(rcu_dereference( 396 cred->tgcred->session_keyring), 397 1), | 376 if (!IS_ERR(key_ref)) 377 goto found; 378 379 switch (PTR_ERR(key_ref)) { 380 case -EAGAIN: /* no key */ 381 if (ret) 382 break; 383 case -ENOKEY: /* negative key */ --- 7 unchanged lines hidden (view full) --- 391 392 /* search the session keyring */ 393 if (cred->tgcred->session_keyring) { 394 rcu_read_lock(); 395 key_ref = keyring_search_aux( 396 make_key_ref(rcu_dereference( 397 cred->tgcred->session_keyring), 398 1), |
398 cred, type, description, match); | 399 cred, type, description, match, no_state_check); |
399 rcu_read_unlock(); 400 401 if (!IS_ERR(key_ref)) 402 goto found; 403 404 switch (PTR_ERR(key_ref)) { 405 case -EAGAIN: /* no key */ 406 if (ret) --- 5 unchanged lines hidden (view full) --- 412 err = key_ref; 413 break; 414 } 415 } 416 /* or search the user-session keyring */ 417 else if (cred->user->session_keyring) { 418 key_ref = keyring_search_aux( 419 make_key_ref(cred->user->session_keyring, 1), | 400 rcu_read_unlock(); 401 402 if (!IS_ERR(key_ref)) 403 goto found; 404 405 switch (PTR_ERR(key_ref)) { 406 case -EAGAIN: /* no key */ 407 if (ret) --- 5 unchanged lines hidden (view full) --- 413 err = key_ref; 414 break; 415 } 416 } 417 /* or search the user-session keyring */ 418 else if (cred->user->session_keyring) { 419 key_ref = keyring_search_aux( 420 make_key_ref(cred->user->session_keyring, 1), |
420 cred, type, description, match); | 421 cred, type, description, match, no_state_check); |
421 if (!IS_ERR(key_ref)) 422 goto found; 423 424 switch (PTR_ERR(key_ref)) { 425 case -EAGAIN: /* no key */ 426 if (ret) 427 break; 428 case -ENOKEY: /* negative key */ --- 25 unchanged lines hidden (view full) --- 454 key_match_func_t match, 455 const struct cred *cred) 456{ 457 struct request_key_auth *rka; 458 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 459 460 might_sleep(); 461 | 422 if (!IS_ERR(key_ref)) 423 goto found; 424 425 switch (PTR_ERR(key_ref)) { 426 case -EAGAIN: /* no key */ 427 if (ret) 428 break; 429 case -ENOKEY: /* negative key */ --- 25 unchanged lines hidden (view full) --- 455 key_match_func_t match, 456 const struct cred *cred) 457{ 458 struct request_key_auth *rka; 459 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 460 461 might_sleep(); 462 |
462 key_ref = search_my_process_keyrings(type, description, match, cred); | 463 key_ref = search_my_process_keyrings(type, description, match, 464 false, cred); |
463 if (!IS_ERR(key_ref)) 464 goto found; 465 err = key_ref; 466 467 /* if this process has an instantiation authorisation key, then we also 468 * search the keyrings of the process mentioned there 469 * - we don't permit access to request_key auth keys via this method 470 */ --- 394 unchanged lines hidden --- | 465 if (!IS_ERR(key_ref)) 466 goto found; 467 err = key_ref; 468 469 /* if this process has an instantiation authorisation key, then we also 470 * search the keyrings of the process mentioned there 471 * - we don't permit access to request_key auth keys via this method 472 */ --- 394 unchanged lines hidden --- |
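Review bot: The new `no_state_check` parameter of search_my_process_keyrings() is not described in the visible part of the function's header comment, which still states the -ENOKEY/-EAGAIN contract in terms of "matched negative keys". The flag is forwarded unchanged to all four keyring_search_aux() calls (thread, process, session and user-session keyrings). Judging by its name it presumably relaxes the key-state checks, so a caller passing true may receive a key reference that an ordinary lookup would have rejected; keyring_search_aux() is not shown here, so this needs confirming. I would add a line to the header comment such as `* If no_state_check is true, key state is not checked during the search; callers must not treat the result as a usable key.`, and say whether the stated error priority still holds in that mode. Both search_my_process_keyrings() and its caller continue in lines hidden from this view, where search_process_keyrings() passes `false`.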