From: David Howells <dhowells@redhat.com>
To: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 09/10] KEYS: Drop the permissions argument from __keyring_search_one()
Date: Wed, 17 Jul 2013 21:44:33 +0100 [thread overview]
Message-ID: <20130717204433.8591.42799.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20130717204314.8591.52892.stgit@warthog.procyon.org.uk>
Drop the permissions argument from __keyring_search_one() as the only caller
passes 0 here - which causes all checks to be skipped.
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/internal.h | 3 +--
security/keys/key.c | 2 +-
security/keys/keyring.c | 9 +++------
3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/security/keys/internal.h b/security/keys/internal.h
index f4bf938..73950bf 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -99,8 +99,7 @@ extern void __key_link_end(struct key *keyring,
unsigned long prealloc);
extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
- const struct keyring_index_key *index_key,
- key_perm_t perm);
+ const struct keyring_index_key *index_key);
extern struct key *keyring_search_instkey(struct key *keyring,
key_serial_t target_id);
diff --git a/security/keys/key.c b/security/keys/key.c
index 1e23cc2..7d716b8 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -847,7 +847,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
* update that instead if possible
*/
if (index_key.type->update) {
- key_ref = __keyring_search_one(keyring_ref, &index_key, 0);
+ key_ref = __keyring_search_one(keyring_ref, &index_key);
if (!IS_ERR(key_ref))
goto found_matching_key;
}
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 35e21d9..37e0d65 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -531,15 +531,14 @@ EXPORT_SYMBOL(keyring_search);
* RCU is used to make it unnecessary to lock the keyring key list here.
*
* Returns a pointer to the found key with usage count incremented if
- * successful and returns -ENOKEY if not found. Revoked keys and keys not
- * providing the requested permission are skipped over.
+ * successful and returns -ENOKEY if not found. Revoked and invalidated keys
+ * are skipped over.
*
* If successful, the possession indicator is propagated from the keyring ref
* to the returned key reference.
*/
key_ref_t __keyring_search_one(key_ref_t keyring_ref,
- const struct keyring_index_key *index_key,
- key_perm_t perm)
+ const struct keyring_index_key *index_key)
{
struct keyring_list *klist;
struct key *keyring, *key;
@@ -560,8 +559,6 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
if (key->type == index_key->type &&
(!key->type->match ||
key->type->match(key, index_key->description)) &&
- key_permission(make_key_ref(key, possessed),
- perm) == 0 &&
!(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
(1 << KEY_FLAG_REVOKED)))
)
next prev parent reply other threads:[~2013-07-17 20:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 20:43 [RFC][PATCH 00/10] Associative array & Massive expansion of keyring capacity David Howells
2013-07-17 20:43 ` [PATCH 01/10] KEYS: Skip key state checks when checking for possession David Howells
2013-07-17 20:43 ` [PATCH 02/10] Add a generic associative array implementation David Howells
2013-07-17 20:53 ` Joe Perches
2013-07-17 21:01 ` David Howells
2013-07-18 13:18 ` [PATCH] Assoc_array: Drop leaf-type concept David Howells
2013-07-18 21:31 ` George Spelvin
2013-07-19 14:37 ` David Howells
2013-07-17 20:43 ` [PATCH 03/10] KEYS: Use bool in make_key_ref() and is_key_possessed() David Howells
2013-07-17 20:43 ` [PATCH 04/10] KEYS: key_is_dead() should take a const key pointer argument David Howells
2013-07-17 20:43 ` [PATCH 05/10] KEYS: Consolidate the concept of an 'index key' for key access David Howells
2013-07-17 20:44 ` [PATCH 06/10] KEYS: Introduce a search context structure David Howells
2013-07-17 20:44 ` [PATCH 07/10] KEYS: Search for auth-key by name rather than targt key ID David Howells
2013-07-17 20:44 ` [PATCH 08/10] KEYS: Define a __key_get() wrapper to use rather than atomic_inc() David Howells
2013-07-17 20:44 ` David Howells [this message]
2013-07-17 20:44 ` [PATCH 10/10] KEYS: Expand the capacity of a keyring David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130717204433.8591.42799.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).