[PATCH] Keys: Replace duplicate non-updateable keys rather than failing
From: David Howells
Date: Fri Feb 17 2006 - 09:54:16 EST
The attached patch causes an attempt to add a duplicate non-updateable key
(such as a keyring) to a keyring to discard the extant copy in favour of the
new one rather than failing with EEXIST:
# do the test in an empty session
keyctl session
# create a new keyring called "a" and attach to session
keyctl newring a @s
# create another new keyring called "a" and attach to session,
# displacing the keyring added by the second command:
keyctl newring a @s
Without this patch, the third command will fail.
For updateable keys (such as those of "user" type), the update method will
still be called rather than a new key being created.
Signed-Off-By: David Howells <dhowells@xxxxxxxxxx>
---
warthog>diffstat -p1 keys-replace-2616rc3.diff
security/keys/key.c | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diff -uNrp linux-2.6.16-rc3-key-quota/security/keys/key.c linux-2.6.16-rc3-key-replace/security/keys/key.c
--- linux-2.6.16-rc3-key-quota/security/keys/key.c 2006-02-17 14:26:27.000000000 +0000
+++ linux-2.6.16-rc3-key-replace/security/keys/key.c 2006-02-17 14:31:39.000000000 +0000
@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t
goto error_3;
}
- /* search for an existing key of the same type and description in the
- * destination keyring
+ /* if it's possible to update this type of key, search for an existing
+ * key of the same type and description in the destination keyring and
+ * update that instead if possible
*/
- key_ref = __keyring_search_one(keyring_ref, ktype, description, 0);
- if (!IS_ERR(key_ref))
- goto found_matching_key;
+ if (ktype->update) {
+ key_ref = __keyring_search_one(keyring_ref, ktype, description,
+ 0);
+ if (!IS_ERR(key_ref))
+ goto found_matching_key;
+ }
/* decide on the permissions we want */
perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/