Merge branch 'keys-fixes' into keys-next
Signed-off-by: David Howells <dhowells@redhat.com>
commit
633706a2ee
6 changed files with 20 additions and 3 deletions
|
@ -22,7 +22,6 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
||||||
|
|
||||||
config PUBLIC_KEY_ALGO_RSA
|
config PUBLIC_KEY_ALGO_RSA
|
||||||
tristate "RSA public-key algorithm"
|
tristate "RSA public-key algorithm"
|
||||||
select MPILIB_EXTRA
|
|
||||||
select MPILIB
|
select MPILIB
|
||||||
help
|
help
|
||||||
This option enables support for the RSA algorithm (PKCS#1, RFC3447).
|
This option enables support for the RSA algorithm (PKCS#1, RFC3447).
|
||||||
|
|
|
@ -284,6 +284,8 @@ static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
|
||||||
desc, "", 0, idmap);
|
desc, "", 0, idmap);
|
||||||
mutex_unlock(&idmap->idmap_mutex);
|
mutex_unlock(&idmap->idmap_mutex);
|
||||||
}
|
}
|
||||||
|
if (!IS_ERR(rkey))
|
||||||
|
set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
|
||||||
|
|
||||||
kfree(desc);
|
kfree(desc);
|
||||||
return rkey;
|
return rkey;
|
||||||
|
|
|
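Review bot: The `set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags)` added after the request carries no comment saying why idmap keys opt in to privileged invalidation, and the same is true of the set_bit added in dns_query() further down. Since the flag lets a CAP_SYS_ADMIN caller invalidate a key it has no Search permission on, each opt-in site should say so, for example `/* let CAP_SYS_ADMIN invalidate this cached result without Search permission */`. "Cached result" is my reading of these two key types and should be confirmed by the author. nfs_idmap_request_key() begins before the hunk, so I cannot see how `rkey` is obtained on every path.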
@ -171,6 +171,7 @@ struct key {
|
||||||
#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
|
#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
|
||||||
#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
|
#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
|
||||||
#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
|
#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
|
||||||
|
#define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
|
||||||
|
|
||||||
/* the key type and key description string
|
/* the key type and key description string
|
||||||
* - the desc is used to match a key against search criteria
|
* - the desc is used to match a key against search criteria
|
||||||
|
|
|
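Review bot: The comment on `KEY_FLAG_ROOT_CAN_INVAL` says "root ... without permission", but the check added to keyctl_invalidate_key() in this commit is `capable(CAP_SYS_ADMIN)`, and the permission being bypassed is Search (`KEY_NEED_SEARCH`). I would make the definition say exactly that: `/* set if key can be invalidated by a CAP_SYS_ADMIN holder without Search permission */`. The flag widens who may invalidate a key, so the header is where a reader deciding whether to set it needs the precise grant.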
@ -451,7 +451,8 @@ config MPILIB
|
||||||
|
|
||||||
config SIGNATURE
|
config SIGNATURE
|
||||||
tristate
|
tristate
|
||||||
depends on KEYS && CRYPTO
|
depends on KEYS
|
||||||
|
select CRYPTO
|
||||||
select CRYPTO_SHA1
|
select CRYPTO_SHA1
|
||||||
select MPILIB
|
select MPILIB
|
||||||
help
|
help
|
||||||
|
|
|
@ -129,6 +129,7 @@ int dns_query(const char *type, const char *name, size_t namelen,
|
||||||
}
|
}
|
||||||
|
|
||||||
down_read(&rkey->sem);
|
down_read(&rkey->sem);
|
||||||
|
set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
|
||||||
rkey->perm |= KEY_USR_VIEW;
|
rkey->perm |= KEY_USR_VIEW;
|
||||||
|
|
||||||
ret = key_validate(rkey);
|
ret = key_validate(rkey);
|
||||||
|
|
|
@ -406,12 +406,25 @@ long keyctl_invalidate_key(key_serial_t id)
|
||||||
key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
|
key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
|
||||||
if (IS_ERR(key_ref)) {
|
if (IS_ERR(key_ref)) {
|
||||||
ret = PTR_ERR(key_ref);
|
ret = PTR_ERR(key_ref);
|
||||||
|
|
||||||
|
/* Root is permitted to invalidate certain special keys */
|
||||||
|
if (capable(CAP_SYS_ADMIN)) {
|
||||||
|
key_ref = lookup_user_key(id, 0, 0);
|
||||||
|
if (IS_ERR(key_ref))
|
||||||
|
goto error;
|
||||||
|
if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
|
||||||
|
&key_ref_to_ptr(key_ref)->flags))
|
||||||
|
goto invalidate;
|
||||||
|
goto error_put;
|
||||||
|
}
|
||||||
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
invalidate:
|
||||||
key_invalidate(key_ref_to_ptr(key_ref));
|
key_invalidate(key_ref_to_ptr(key_ref));
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
error_put:
|
||||||
key_ref_put(key_ref);
|
key_ref_put(key_ref);
|
||||||
error:
|
error:
|
||||||
kleave(" = %ld", ret);
|
kleave(" = %ld", ret);
|
||||||
|
|
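Review bot: The CAP_SYS_ADMIN fallback inside the `IS_ERR(key_ref)` branch runs for every failed lookup, not only a permission denial, so `capable()` is evaluated even when the id simply does not name a key. Gating it as `if (ret == -EACCES && capable(CAP_SYS_ADMIN)) {` would confine the permission-free `lookup_user_key(id, 0, 0)` retry to the case the comment describes, assuming a KEY_NEED_SEARCH denial surfaces as -EACCES. It would also avoid a capability check, and whatever audit or LSM record that produces, for unprivileged callers probing arbitrary ids. When the second lookup fails, `ret` still holds the first lookup's error; if that is intended, a short comment would help. The function starts before and continues past the hunk.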