summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-09-16 17:36:06 +0100
committerDavid Howells <dhowells@redhat.com>2014-09-16 17:36:06 +0100
commitc06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (patch)
tree8bc0e3794ffb426b3cbb2c0d7c2dbbd4b28e3054 /security
parent614d8c39014c185aa0f7254f0a470cc33fc1b284 (diff)
downloadop-kernel-dev-c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81.zip
op-kernel-dev-c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81.tar.gz
KEYS: Remove key_type::match in favour of overriding default by match_preparse
A previous patch added a ->match_preparse() method to the key type. This is allowed to override the function called by the iteration algorithm. Therefore, we can just set a default that simply checks for an exact match of the key description with the original criterion data and allow match_preparse to override it as needed. The key_type::match op is then redundant and can be removed, as can the user_match() function. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/big_key.c1
-rw-r--r--security/keys/encrypted-keys/encrypted.c1
-rw-r--r--security/keys/internal.h2
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/keyring.c15
-rw-r--r--security/keys/request_key.c2
-rw-r--r--security/keys/request_key_auth.c2
-rw-r--r--security/keys/trusted.c1
-rw-r--r--security/keys/user_defined.c12
9 files changed, 15 insertions, 23 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 4045c13..b6adb94 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -36,7 +36,6 @@ struct key_type key_type_big_key = {
.preparse = big_key_preparse,
.free_preparse = big_key_free_preparse,
.instantiate = generic_key_instantiate,
- .match = user_match,
.revoke = big_key_revoke,
.destroy = big_key_destroy,
.describe = big_key_describe,
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 5fe443d..db9675d 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -970,7 +970,6 @@ struct key_type key_type_encrypted = {
.name = "encrypted",
.instantiate = encrypted_instantiate,
.update = encrypted_update,
- .match = user_match,
.destroy = encrypted_destroy,
.describe = user_describe,
.read = encrypted_read,
diff --git a/security/keys/internal.h b/security/keys/internal.h
index b47cc53..e66a16c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -127,6 +127,8 @@ struct keyring_search_context {
struct timespec now;
};
+extern int key_default_cmp(const struct key *key,
+ const struct key_match_data *match_data);
extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
struct keyring_search_context *ctx);
diff --git a/security/keys/key.c b/security/keys/key.c
index b90a68c..8c0092c 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -799,7 +799,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
}
key_ref = ERR_PTR(-EINVAL);
- if (!index_key.type->match || !index_key.type->instantiate ||
+ if (!index_key.type->instantiate ||
(!index_key.description && !index_key.type->preparse))
goto error_put_type;
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 10f0a5f..253c9a0 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -89,7 +89,6 @@ struct key_type key_type_keyring = {
.preparse = keyring_preparse,
.free_preparse = keyring_free_preparse,
.instantiate = keyring_instantiate,
- .match = user_match,
.revoke = keyring_revoke,
.destroy = keyring_destroy,
.describe = keyring_describe,
@@ -512,6 +511,15 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
EXPORT_SYMBOL(keyring_alloc);
/*
+ * By default, we keys found by getting an exact match on their descriptions.
+ */
+int key_default_cmp(const struct key *key,
+ const struct key_match_data *match_data)
+{
+ return strcmp(key->description, match_data->raw_data) == 0;
+}
+
+/*
* Iteration function to consider each key found.
*/
static int keyring_search_iterator(const void *object, void *iterator_data)
@@ -884,7 +892,7 @@ key_ref_t keyring_search(key_ref_t keyring,
.index_key.type = type,
.index_key.description = description,
.cred = current_cred(),
- .match_data.cmp = type->match,
+ .match_data.cmp = key_default_cmp,
.match_data.raw_data = description,
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
.flags = KEYRING_SEARCH_DO_STATE_CHECK,
@@ -892,9 +900,6 @@ key_ref_t keyring_search(key_ref_t keyring,
key_ref_t key;
int ret;
- if (!ctx.match_data.cmp)
- return ERR_PTR(-ENOKEY);
-
if (type->match_preparse) {
ret = type->match_preparse(&ctx.match_data);
if (ret < 0)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 408523e..dc6ed32 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -531,7 +531,7 @@ struct key *request_key_and_link(struct key_type *type,
.index_key.type = type,
.index_key.description = description,
.cred = current_cred(),
- .match_data.cmp = type->match,
+ .match_data.cmp = key_default_cmp,
.match_data.raw_data = description,
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
};
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 9ae0281..6639e2c 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -246,7 +246,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
.index_key.type = &key_type_request_key_auth,
.index_key.description = description,
.cred = current_cred(),
- .match_data.cmp = user_match,
+ .match_data.cmp = key_default_cmp,
.match_data.raw_data = description,
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
};
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 6b804aa..c0594cb 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1096,7 +1096,6 @@ struct key_type key_type_trusted = {
.name = "trusted",
.instantiate = trusted_instantiate,
.update = trusted_update,
- .match = user_match,
.destroy = trusted_destroy,
.describe = user_describe,
.read = trusted_read,
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index cd7e726..36b47bb 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -30,7 +30,6 @@ struct key_type key_type_user = {
.free_preparse = user_free_preparse,
.instantiate = generic_key_instantiate,
.update = user_update,
- .match = user_match,
.revoke = user_revoke,
.destroy = user_destroy,
.describe = user_describe,
@@ -51,7 +50,6 @@ struct key_type key_type_logon = {
.free_preparse = user_free_preparse,
.instantiate = generic_key_instantiate,
.update = user_update,
- .match = user_match,
.revoke = user_revoke,
.destroy = user_destroy,
.describe = user_describe,
@@ -137,16 +135,6 @@ error:
EXPORT_SYMBOL_GPL(user_update);
/*
- * match users on their name
- */
-int user_match(const struct key *key, const struct key_match_data *match_data)
-{
- return strcmp(key->description, match_data->raw_data) == 0;
-}
-
-EXPORT_SYMBOL_GPL(user_match);
-
-/*
* dispose of the links from a revoked keyring
* - called with the key sem write-locked
*/
OpenPOWER on IntegriCloud