KEYS: Add a key type op to permit the key description to be vetted
Add a key type operation to permit the key type to vet the description of a new key that key_alloc() is about to allocate. The operation may reject the description if it wishes with an error of its choosing. If it does this, the key will not be allocated. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
633e804e89
commit
b9fffa3877
@ -1062,6 +1062,13 @@ The structure has a number of fields, some of which are mandatory:
|
|||||||
viable.
|
viable.
|
||||||
|
|
||||||
|
|
||||||
|
(*) int (*vet_description)(const char *description);
|
||||||
|
|
||||||
|
This optional method is called to vet a key description. If the key type
|
||||||
|
doesn't approve of the key description, it may return an error, otherwise
|
||||||
|
it should return 0.
|
||||||
|
|
||||||
|
|
||||||
(*) int (*instantiate)(struct key *key, const void *data, size_t datalen);
|
(*) int (*instantiate)(struct key *key, const void *data, size_t datalen);
|
||||||
|
|
||||||
This method is called to attach a payload to a key during construction.
|
This method is called to attach a payload to a key during construction.
|
||||||
|
@ -41,6 +41,9 @@ struct key_type {
|
|||||||
*/
|
*/
|
||||||
size_t def_datalen;
|
size_t def_datalen;
|
||||||
|
|
||||||
|
/* vet a description */
|
||||||
|
int (*vet_description)(const char *description);
|
||||||
|
|
||||||
/* instantiate a key of this type
|
/* instantiate a key of this type
|
||||||
* - this method should call key_payload_reserve() to determine if the
|
* - this method should call key_payload_reserve() to determine if the
|
||||||
* user's quota will hold the payload
|
* user's quota will hold the payload
|
||||||
|
@ -25,6 +25,7 @@
|
|||||||
#include <keys/user-type.h>
|
#include <keys/user-type.h>
|
||||||
#include "ar-internal.h"
|
#include "ar-internal.h"
|
||||||
|
|
||||||
|
static int rxrpc_vet_description_s(const char *);
|
||||||
static int rxrpc_instantiate(struct key *, const void *, size_t);
|
static int rxrpc_instantiate(struct key *, const void *, size_t);
|
||||||
static int rxrpc_instantiate_s(struct key *, const void *, size_t);
|
static int rxrpc_instantiate_s(struct key *, const void *, size_t);
|
||||||
static void rxrpc_destroy(struct key *);
|
static void rxrpc_destroy(struct key *);
|
||||||
@ -52,12 +53,30 @@ EXPORT_SYMBOL(key_type_rxrpc);
|
|||||||
*/
|
*/
|
||||||
struct key_type key_type_rxrpc_s = {
|
struct key_type key_type_rxrpc_s = {
|
||||||
.name = "rxrpc_s",
|
.name = "rxrpc_s",
|
||||||
|
.vet_description = rxrpc_vet_description_s,
|
||||||
.instantiate = rxrpc_instantiate_s,
|
.instantiate = rxrpc_instantiate_s,
|
||||||
.match = user_match,
|
.match = user_match,
|
||||||
.destroy = rxrpc_destroy_s,
|
.destroy = rxrpc_destroy_s,
|
||||||
.describe = rxrpc_describe,
|
.describe = rxrpc_describe,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Vet the description for an RxRPC server key
|
||||||
|
*/
|
||||||
|
static int rxrpc_vet_description_s(const char *desc)
|
||||||
|
{
|
||||||
|
unsigned long num;
|
||||||
|
char *p;
|
||||||
|
|
||||||
|
num = simple_strtoul(desc, &p, 10);
|
||||||
|
if (*p != ':' || num > 65535)
|
||||||
|
return -EINVAL;
|
||||||
|
num = simple_strtoul(p + 1, &p, 10);
|
||||||
|
if (*p || num < 1 || num > 255)
|
||||||
|
return -EINVAL;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* parse an RxKAD type XDR format token
|
* parse an RxKAD type XDR format token
|
||||||
* - the caller guarantees we have at least 4 words
|
* - the caller guarantees we have at least 4 words
|
||||||
|
@ -249,6 +249,14 @@ struct key *key_alloc(struct key_type *type, const char *desc,
|
|||||||
if (!desc || !*desc)
|
if (!desc || !*desc)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
if (type->vet_description) {
|
||||||
|
ret = type->vet_description(desc);
|
||||||
|
if (ret < 0) {
|
||||||
|
key = ERR_PTR(ret);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
desclen = strlen(desc) + 1;
|
desclen = strlen(desc) + 1;
|
||||||
quotalen = desclen + type->def_datalen;
|
quotalen = desclen + type->def_datalen;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user