The request_key() system call and request_key_and_link() should make a link
from an existing key to the destination keyring (if supplied), not just from a
new key to the destination keyring.
This can be tested by:
ring=`keyctl newring fred @s`
keyctl request2 user debug:a a
keyctl request user debug:a $ring
keyctl list $ring
If it says:
keyring is empty
then it didn't work. If it shows something like:
1 key in keyring:
1070462727: --alswrv 0 0 user: debug:a
then it did.
Signed-off-by: David Howells <[email protected]>
---
security/keys/request_key.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index ea97c31..d737cea 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
key_already_present:
mutex_unlock(&key_construction_mutex);
- if (dest_keyring)
+ if (dest_keyring) {
+ __key_link(dest_keyring, key_ref_to_ptr(key_ref));
up_write(&dest_keyring->sem);
+ }
mutex_unlock(&user->cons_lock);
key_put(key);
*_key = key = key_ref_to_ptr(key_ref);
@@ -431,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type,
if (!IS_ERR(key_ref)) {
key = key_ref_to_ptr(key_ref);
+ if (dest_keyring) {
+ construct_get_dest_keyring(&dest_keyring);
+ key_link(dest_keyring, key);
+ key_put(dest_keyring);
+ }
} else if (PTR_ERR(key_ref) != -EAGAIN) {
key = ERR_CAST(key_ref);
} else {
On 26 April 2010 16:59, David Howells <[email protected]> wrote:
> The request_key() system call and request_key_and_link() should make a link
> from an existing key to the destination keyring (if supplied), not just from a
> new key to the destination keyring.
>
> This can be tested by:
>
> ring=`keyctl newring fred @s`
> keyctl request2 user debug:a a
> keyctl request user debug:a $ring
> keyctl list $ring
>
> If it says:
>
> keyring is empty
>
> then it didn't work. If it shows something like:
>
> 1 key in keyring:
> 1070462727: --alswrv 0 0 user: debug:a
>
> then it did.
>
> Signed-off-by: David Howells <[email protected]>
> ---
>
> security/keys/request_key.c | 9 ++++++++-
> 1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index ea97c31..d737cea 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
>
> key_already_present:
> mutex_unlock(&key_construction_mutex);
> - if (dest_keyring)
> + if (dest_keyring) {
> + __key_link(dest_keyring, key_ref_to_ptr(key_ref));
> up_write(&dest_keyring->sem);
> + }
> mutex_unlock(&user->cons_lock);
> key_put(key);
> *_key = key = key_ref_to_ptr(key_ref);
Hi,
Just a few questions (if you don't mind).
1. Is it correct to return -EINPROGRESS in this case?
2. (Why) Shouldn't the return value of __key_link() be checked?
3. In __key_link(), shouldn't rcu_dereference() be used when accessing
keyring->payload.subscriptions?
Thanks,
Vegard