forked from Minki/linux
KEYS: Make request_key() and co. return an error for a negative key
Make request_key() and co. return an error for a negative or rejected key. If the key was simply negated, then return ENOKEY, otherwise return the error with which it was rejected. Without this patch, the following command returns a key number (with the latest keyutils): [root@andromeda ~]# keyctl request2 user debug:foo rejected @s 586569904 Trying to print the key merely gets you a permission denied error: [root@andromeda ~]# keyctl print 586569904 keyctl_read_alloc: Permission denied Doing another request_key() call does get you the error, as long as it hasn't expired yet: [root@andromeda ~]# keyctl request user debug:foo request_key: Key was rejected by service Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
78b7280cce
commit
4aab1e896a
@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type,
|
||||
goto error5;
|
||||
}
|
||||
|
||||
/* wait for the key to finish being constructed */
|
||||
ret = wait_for_key_construction(key, 1);
|
||||
if (ret < 0)
|
||||
goto error6;
|
||||
|
||||
ret = key->serial;
|
||||
|
||||
error6:
|
||||
key_put(key);
|
||||
error5:
|
||||
key_type_put(ktype);
|
||||
|
Loading…
Reference in New Issue
Block a user