KEYS: Add a key type op to permit the key description to be vetted

Add a key type operation to permit the key type to vet the description of a new
key that key_alloc() is about to allocate.  The operation may reject the
description if it wishes with an error of its choosing.  If it does this, the
key will not be allocated.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells 2011-03-07 15:05:59 +00:00 committed by James Morris
parent 633e804e89
commit b9fffa3877
4 changed files with 37 additions and 0 deletions

View File

@ -1062,6 +1062,13 @@ The structure has a number of fields, some of which are mandatory:
viable. viable.
(*) int (*vet_description)(const char *description);
This optional method is called to vet a key description. If the key type
doesn't approve of the key description, it may return an error, otherwise
it should return 0.
(*) int (*instantiate)(struct key *key, const void *data, size_t datalen); (*) int (*instantiate)(struct key *key, const void *data, size_t datalen);
This method is called to attach a payload to a key during construction. This method is called to attach a payload to a key during construction.

View File

@ -41,6 +41,9 @@ struct key_type {
*/ */
size_t def_datalen; size_t def_datalen;
/* vet a description */
int (*vet_description)(const char *description);
/* instantiate a key of this type /* instantiate a key of this type
* - this method should call key_payload_reserve() to determine if the * - this method should call key_payload_reserve() to determine if the
* user's quota will hold the payload * user's quota will hold the payload

View File

@ -25,6 +25,7 @@
#include <keys/user-type.h> #include <keys/user-type.h>
#include "ar-internal.h" #include "ar-internal.h"
static int rxrpc_vet_description_s(const char *);
static int rxrpc_instantiate(struct key *, const void *, size_t); static int rxrpc_instantiate(struct key *, const void *, size_t);
static int rxrpc_instantiate_s(struct key *, const void *, size_t); static int rxrpc_instantiate_s(struct key *, const void *, size_t);
static void rxrpc_destroy(struct key *); static void rxrpc_destroy(struct key *);
@ -52,12 +53,30 @@ EXPORT_SYMBOL(key_type_rxrpc);
*/ */
struct key_type key_type_rxrpc_s = { struct key_type key_type_rxrpc_s = {
.name = "rxrpc_s", .name = "rxrpc_s",
.vet_description = rxrpc_vet_description_s,
.instantiate = rxrpc_instantiate_s, .instantiate = rxrpc_instantiate_s,
.match = user_match, .match = user_match,
.destroy = rxrpc_destroy_s, .destroy = rxrpc_destroy_s,
.describe = rxrpc_describe, .describe = rxrpc_describe,
}; };
/*
* Vet the description for an RxRPC server key
*/
static int rxrpc_vet_description_s(const char *desc)
{
unsigned long num;
char *p;
num = simple_strtoul(desc, &p, 10);
if (*p != ':' || num > 65535)
return -EINVAL;
num = simple_strtoul(p + 1, &p, 10);
if (*p || num < 1 || num > 255)
return -EINVAL;
return 0;
}
/* /*
* parse an RxKAD type XDR format token * parse an RxKAD type XDR format token
* - the caller guarantees we have at least 4 words * - the caller guarantees we have at least 4 words

View File

@ -249,6 +249,14 @@ struct key *key_alloc(struct key_type *type, const char *desc,
if (!desc || !*desc) if (!desc || !*desc)
goto error; goto error;
if (type->vet_description) {
ret = type->vet_description(desc);
if (ret < 0) {
key = ERR_PTR(ret);
goto error;
}
}
desclen = strlen(desc) + 1; desclen = strlen(desc) + 1;
quotalen = desclen + type->def_datalen; quotalen = desclen + type->def_datalen;