KEYS: Add a key type op to permit the key description to be vetted

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add a key type operation to permit the key type to vet the description of a new
key that key_alloc() is about to allocate. The operation may reject the
description if it wishes with an error of its choosing. If it does this, the
key will not be allocated.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by

David Howells and committed by

James Morris 15 years ago b9fffa38 633e804e

+37

4 changed files

expand all

Documentation

keys.txt

include

linux

key-type.h

net

rxrpc

ar-key.c

security

keys

key.c

Documentation/keys.txt

··· 1062 1062 viable. 1063 1063 1064 1064 1065 + (*) int (*vet_description)(const char *description); 1066 + 1067 + This optional method is called to vet a key description. If the key type 1068 + doesn't approve of the key description, it may return an error, otherwise 1069 + it should return 0. 1070 + 1071 + 1065 1072 (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); 1066 1073 1067 1074 This method is called to attach a payload to a key during construction.

include/linux/key-type.h

··· 41 41 */ 42 42 size_t def_datalen; 43 43 44 + /* vet a description */ 45 + int (*vet_description)(const char *description); 46 + 44 47 /* instantiate a key of this type 45 48 * - this method should call key_payload_reserve() to determine if the 46 49 * user's quota will hold the payload

+19

net/rxrpc/ar-key.c

··· 25 25 #include <keys/user-type.h> 26 26 #include "ar-internal.h" 27 27 28 + static int rxrpc_vet_description_s(const char *); 28 29 static int rxrpc_instantiate(struct key *, const void *, size_t); 29 30 static int rxrpc_instantiate_s(struct key *, const void *, size_t); 30 31 static void rxrpc_destroy(struct key *); ··· 53 52 */ 54 53 struct key_type key_type_rxrpc_s = { 55 54 .name = "rxrpc_s", 55 + .vet_description = rxrpc_vet_description_s, 56 56 .instantiate = rxrpc_instantiate_s, 57 57 .match = user_match, 58 58 .destroy = rxrpc_destroy_s, 59 59 .describe = rxrpc_describe, 60 60 }; 61 + 62 + /* 63 + * Vet the description for an RxRPC server key 64 + */ 65 + static int rxrpc_vet_description_s(const char *desc) 66 + { 67 + unsigned long num; 68 + char *p; 69 + 70 + num = simple_strtoul(desc, &p, 10); 71 + if (*p != ':' || num > 65535) 72 + return -EINVAL; 73 + num = simple_strtoul(p + 1, &p, 10); 74 + if (*p || num < 1 || num > 255) 75 + return -EINVAL; 76 + return 0; 77 + } 61 78 62 79 /* 63 80 * parse an RxKAD type XDR format token

security/keys/key.c

··· 249 249 if (!desc || !*desc) 250 250 goto error; 251 251 252 + if (type->vet_description) { 253 + ret = type->vet_description(desc); 254 + if (ret < 0) { 255 + key = ERR_PTR(ret); 256 + goto error; 257 + } 258 + } 259 + 252 260 desclen = strlen(desc) + 1; 253 261 quotalen = desclen + type->def_datalen; 254 262