]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blobdiff - security/keys/key.c
projects / mirror_ubuntu-artful-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KEYS: Use structure to capture key restriction function and data
[mirror_ubuntu-artful-kernel.git] / security / keys / key.c
diff --git a/security/keys/key.c b/security/keys/key.c
index 27fc1bb4003419407e793db4162c6a9ec194d800..2ea5967121de55de166bd9080456d047aa882abb 100644 (file)
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -201,12 +201,15 @@ serial_exists:
  * @cred: The credentials specifying UID namespace.
  * @perm: The permissions mask of the new key.
  * @flags: Flags specifying quota properties.
- * @restrict_link: Optional link restriction method for new keyrings.
+ * @restrict_link: Optional link restriction for new keyrings.
  *
  * Allocate a key of the specified type with the attributes given.  The key is
  * returned in an uninstantiated state and the caller needs to instantiate the
  * key before returning.
  *
+ * The restrict_link structure (if not NULL) will be freed when the
+ * keyring is destroyed, so it must be dynamically allocated.
+ *
  * The user's key count quota is updated to reflect the creation of the key and
  * the user's key data quota has the default for the key type reserved.  The
  * instantiation function should amend this as necessary.  If insufficient
@@ -225,7 +228,7 @@ serial_exists:
 struct key *key_alloc(struct key_type *type, const char *desc,
                      kuid_t uid, kgid_t gid, const struct cred *cred,
                      key_perm_t perm, unsigned long flags,
-                     key_restrict_link_func_t restrict_link)
+                     struct key_restriction *restrict_link)
 {
        struct key_user *user = NULL;
        struct key *key;
@@ -497,9 +500,11 @@ int key_instantiate_and_link(struct key *key,
        }
 
        if (keyring) {
-               if (keyring->restrict_link) {
-                       ret = keyring->restrict_link(keyring, key->type,
-                                                    &prep.payload, NULL);
+               if (keyring->restrict_link && keyring->restrict_link->check) {
+                       struct key_restriction *keyres = keyring->restrict_link;
+
+                       ret = keyres->check(keyring, key->type, &prep.payload,
+                                           keyres->key);
                        if (ret < 0)
                                goto error;
                }
@@ -804,7 +809,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
        struct key *keyring, *key = NULL;
        key_ref_t key_ref;
        int ret;
-       key_restrict_link_func_t restrict_link = NULL;
+       struct key_restriction *restrict_link = NULL;
 
        /* look up the key type to see if it's one of the registered kernel
         * types */
@@ -850,9 +855,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
        }
        index_key.desc_len = strlen(index_key.description);
 
-       if (restrict_link) {
-               ret = restrict_link(keyring, index_key.type, &prep.payload,
-                                   NULL);
+       if (restrict_link && restrict_link->check) {
+               ret = restrict_link->check(keyring, index_key.type,
+                                          &prep.payload, restrict_link->key);
                if (ret < 0) {
                        key_ref = ERR_PTR(ret);
                        goto error_free_prep;
Ubuntu Artful kernel mirror