diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-23 08:59:49 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-23 08:59:49 -0800 |
| commit | 7908b3ef6809e49c77d914342dfaa4b946476d7a (patch) | |
| tree | 44af103c5457b4c2286400158dcfc18846a7c4f0 /security/keys/user_defined.c | |
| parent | dcd6c92267155e70a94b3927bce681ce74b80d1f (diff) | |
| parent | acbbb76a26648dfae6fed0989879e40d75692bfc (diff) | |
| download | blackbird-op-linux-7908b3ef6809e49c77d914342dfaa4b946476d7a.tar.gz blackbird-op-linux-7908b3ef6809e49c77d914342dfaa4b946476d7a.zip | |
Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6:
CIFS: Rename *UCS* functions to *UTF16*
[CIFS] ACL and FSCACHE support no longer EXPERIMENTAL
[CIFS] Fix build break with multiuser patch when LANMAN disabled
cifs: warn about impending deprecation of legacy MultiuserMount code
cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts
cifs: sanitize username handling
keys: add a "logon" key type
cifs: lower default wsize when unix extensions are not used
cifs: better instrumentation for coalesce_t2
cifs: integer overflow in parse_dacl()
cifs: Fix sparse warning when calling cifs_strtoUCS
CIFS: Add descriptions to the brlock cache functions
Diffstat (limited to 'security/keys/user_defined.c')
| -rw-r--r-- | security/keys/user_defined.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 2aee3c5a3b99..c7660a25a3e4 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -18,6 +18,8 @@ #include <asm/uaccess.h> #include "internal.h" +static int logon_vet_description(const char *desc); + /* * user defined keys take an arbitrary string as the description and an * arbitrary blob of data as the payload @@ -36,6 +38,24 @@ struct key_type key_type_user = { EXPORT_SYMBOL_GPL(key_type_user); /* + * This key type is essentially the same as key_type_user, but it does + * not define a .read op. This is suitable for storing username and + * password pairs in the keyring that you do not want to be readable + * from userspace. + */ +struct key_type key_type_logon = { + .name = "logon", + .instantiate = user_instantiate, + .update = user_update, + .match = user_match, + .revoke = user_revoke, + .destroy = user_destroy, + .describe = user_describe, + .vet_description = logon_vet_description, +}; +EXPORT_SYMBOL_GPL(key_type_logon); + +/* * instantiate a user defined key */ int user_instantiate(struct key *key, const void *data, size_t datalen) @@ -189,3 +209,20 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) } EXPORT_SYMBOL_GPL(user_read); + +/* Vet the description for a "logon" key */ +static int logon_vet_description(const char *desc) +{ + char *p; + + /* require a "qualified" description string */ + p = strchr(desc, ':'); + if (!p) + return -EINVAL; + + /* also reject description with ':' as first char */ + if (p == desc) + return -EINVAL; + + return 0; +} |
