keys: the request_key() syscall should link an existing key to the dest keyring

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Linux Kernel Mailing List

Subject: keys: the request_key() syscall should link an existing key to the dest keyring

Date: Tuesday, April 27, 2010 - 4:59 pm

Gitweb:     http://git.kernel.org/linus/03449cd9eaa4fa3a7faa4a59474bafe2e90bd143
Commit:     03449cd9eaa4fa3a7faa4a59474bafe2e90bd143
Parent:     a2cb9aeb3c9b2475955cec328487484034f414e4
Author:     David Howells <dhowells@redhat.com>
AuthorDate: Tue Apr 27 13:13:08 2010 -0700
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Tue Apr 27 16:26:03 2010 -0700

    keys: the request_key() syscall should link an existing key to the dest keyring
    
    The request_key() system call and request_key_and_link() should make a
    link from an existing key to the destination keyring (if supplied), not
    just from a new key to the destination keyring.
    
    This can be tested by:
    
    	ring=`keyctl newring fred @s`
    	keyctl request2 user debug:a a
    	keyctl request user debug:a $ring
    	keyctl list $ring
    
    If it says:
    
    	keyring is empty
    
    then it didn't work.  If it shows something like:
    
    	1 key in keyring:
    	1070462727: --alswrv     0     0 user: debug:a
    
    then it did.
    
    request_key() system call is meant to recursively search all your keyrings for
    the key you desire, and, optionally, if it doesn't exist, call out to userspace
    to create one for you.
    
    If request_key() finds or creates a key, it should, optionally, create a link
    to that key from the destination keyring specified.
    
    Therefore, if, after a successful call to request_key() with a desination
    keyring specified, you see the destination keyring empty, the code didn't work
    correctly.
    
    If you see the found key in the keyring, then it did - which is what the patch
    is required for.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 security/keys/request_key.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index ea97c31..d737cea 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
 
 key_already_present:
 	mutex_unlock(&key_construction_mutex);
-	if (dest_keyring)
+	if (dest_keyring) {
+		__key_link(dest_keyring, key_ref_to_ptr(key_ref));
 		up_write(&dest_keyring->sem);
+	}
 	mutex_unlock(&user->cons_lock);
 	key_put(key);
 	*_key = key = key_ref_to_ptr(key_ref);
@@ -431,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type,
 
 	if (!IS_ERR(key_ref)) {
 		key = key_ref_to_ptr(key_ref);
+		if (dest_keyring) {
+			construct_get_dest_keyring(&dest_keyring);
+			key_link(dest_keyring, key);
+			key_put(dest_keyring);
+		}
 	} else if (PTR_ERR(key_ref) != -EAGAIN) {
 		key = ERR_CAST(key_ref);
 	} else  {
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

keys: the request_key() syscall should link an existing ke ..., Linux Kernel Mailing ..., (Tue Apr 27, 4:59 pm)


linux-kernel:
Fortier,Vincent [Montreal]	2.6.21.5 june 30th to july 1st date hang?
Jeff Dike	[ PATCH 2/6 ] UML - Formatting fixes around os_{read_write}_file callers
Liam Girdwood	[PATCH 07/13] regulator: regulator test harness
Oleg Nesterov	Re: Getting the new RxRPC patches upstream
Stefan Seyfried	Re: 2.6.19-rc5: grub is much slower resuming from suspend-to-disk than in 2.6.18
linux-netdev:
Arnaud Ebalard	Re: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Jan Engelhardt	Re: [PATCH iptables] extension: add xt_cpu match
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Sebastian Andrzej Siewior	[PATCH 8/8] net/emergency: remove locking from reycling pool if emergncy pools are...
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
git:
Jakub Narebski	Re: git on MacOSX and files with decomposed utf-8 file names
Brandon Casey	Re: Thunderbird and patches (was Re: [PATCH v2] Enable setting attach as the def...
Christian Couder	[PATCH 1/3] rev-parse: add test script for "--verify"
Ramkumar Ramachandra	Re: [GSoC update] git-remote-svn: The final one
Junio C Hamano	Re: git-rm isn't the inverse action of git-add
openbsd-misc:
Joachim Schipper	Re: UVC Webcams
Florin Andrei	SOLVED [was: firewall is very slow, something's wrong]
Todd Alan Smith	Re: Microsoft gets the Most Secure Operating Systems award
Neal Hogan	Re: Need Advice: Thinkpad T60 or T61?
Sam Fourman Jr.	Re: Real men don't attack straw men
git-commits-head:
Linux Kernel Mailing List	ACPI: Disable ARB_DISABLE on platforms where it is not needed
Linux Kernel Mailing List	m68knommu: add read_barrier_depends() and irqs_disabled_flags()
Linux Kernel Mailing List	[MTD] Add mtd panic_write function pointer
Linux Kernel Mailing List	[ARM] pxa: remove duplicate select statements from Kconfig
Linux Kernel Mailing List	mlx4_core: Don't read reserved fields in mlx4_QUERY_ADAPTER()