From: David Howells <dhowells@redhat.com>
To: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 07/10] KEYS: Search for auth-key by name rather than targt key ID
Date: Wed, 17 Jul 2013 21:44:15 +0100 [thread overview]
Message-ID: <20130717204415.8591.41028.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20130717204314.8591.52892.stgit@warthog.procyon.org.uk>
Search for auth-key by name rather than by target key ID as, in a future
patch, we'll by searching directly by index key in preference to iteration
over all keys.
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/request_key_auth.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 8d09852..7495a93 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -18,6 +18,7 @@
#include <linux/slab.h>
#include <asm/uaccess.h>
#include "internal.h"
+#include <keys/user-type.h>
static int request_key_auth_instantiate(struct key *,
struct key_preparsed_payload *);
@@ -222,33 +223,25 @@ error_alloc:
}
/*
- * See if an authorisation key is associated with a particular key.
- */
-static int key_get_instantiation_authkey_match(const struct key *key,
- const void *_id)
-{
- struct request_key_auth *rka = key->payload.data;
- key_serial_t id = (key_serial_t)(unsigned long) _id;
-
- return rka->target_key->serial == id;
-}
-
-/*
* Search the current process's keyrings for the authorisation key for
* instantiation of a key.
*/
struct key *key_get_instantiation_authkey(key_serial_t target_id)
{
+ char description[16];
struct keyring_search_context ctx = {
.index_key.type = &key_type_request_key_auth,
+ .index_key.description = description,
.cred = current_cred(),
- .match = key_get_instantiation_authkey_match,
- .match_data = (void *)(unsigned long)target_id,
+ .match = user_match,
+ .match_data = description,
.flags = KEYRING_SEARCH_LOOKUP_DIRECT,
};
struct key *authkey;
key_ref_t authkey_ref;
+ sprintf(description, "%x", target_id);
+
authkey_ref = search_process_keyrings(&ctx);
if (IS_ERR(authkey_ref)) {
next prev parent reply other threads:[~2013-07-17 20:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 20:43 [RFC][PATCH 00/10] Associative array & Massive expansion of keyring capacity David Howells
2013-07-17 20:43 ` [PATCH 01/10] KEYS: Skip key state checks when checking for possession David Howells
2013-07-17 20:43 ` [PATCH 02/10] Add a generic associative array implementation David Howells
2013-07-17 20:53 ` Joe Perches
2013-07-17 21:01 ` David Howells
2013-07-18 13:18 ` [PATCH] Assoc_array: Drop leaf-type concept David Howells
2013-07-18 21:31 ` George Spelvin
2013-07-19 14:37 ` David Howells
2013-07-17 20:43 ` [PATCH 03/10] KEYS: Use bool in make_key_ref() and is_key_possessed() David Howells
2013-07-17 20:43 ` [PATCH 04/10] KEYS: key_is_dead() should take a const key pointer argument David Howells
2013-07-17 20:43 ` [PATCH 05/10] KEYS: Consolidate the concept of an 'index key' for key access David Howells
2013-07-17 20:44 ` [PATCH 06/10] KEYS: Introduce a search context structure David Howells
2013-07-17 20:44 ` David Howells [this message]
2013-07-17 20:44 ` [PATCH 08/10] KEYS: Define a __key_get() wrapper to use rather than atomic_inc() David Howells
2013-07-17 20:44 ` [PATCH 09/10] KEYS: Drop the permissions argument from __keyring_search_one() David Howells
2013-07-17 20:44 ` [PATCH 10/10] KEYS: Expand the capacity of a keyring David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130717204415.8591.41028.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.