KEYS: Add a key type op to permit the key description to be vetted

Add a key type operation to permit the key type to vet the description of a new key that key_alloc() is about to allocate. The operation may reject the description if it wishes with an error of its choosing. If it does this, the key will not be allocated. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>

KEYS: Add a key type op to permit the key description to be vetted
Add a key type operation to permit the key type to vet the description of a new key that key_alloc() is about to allocate. The operation may reject the description if it wishes with an error of its choosing. If it does this, the key will not be allocated. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells · James Morris
1 parent 633e804e89
Showing 4 changed files with 37 additions and 0 deletions Side-by-side Diff
Documentation/keys.txt
include/linux/key-type.h
net/rxrpc/ar-key.c
security/keys/key.c
@@ -1062,6 +1062,13 @@
      viable.
  
  
+ (*) int (*vet_description)(const char *description);
+
+     This optional method is called to vet a key description.  If the key type
+     doesn't approve of the key description, it may return an error, otherwise
+     it should return 0.
+
+
  (*) int (*instantiate)(struct key *key, const void *data, size_t datalen);
  
      This method is called to attach a payload to a key during construction.
@@ -41,6 +41,9 @@
 	 */
 	size_t def_datalen;
  
+	/* vet a description */
+	int (*vet_description)(const char *description);
+
 	/* instantiate a key of this type
 	 * - this method should call key_payload_reserve() to determine if the
 	 *   user's quota will hold the payload
@@ -25,6 +25,7 @@
 #include <keys/user-type.h>
 #include "ar-internal.h"
  
+static int rxrpc_vet_description_s(const char *);
 static int rxrpc_instantiate(struct key *, const void *, size_t);
 static int rxrpc_instantiate_s(struct key *, const void *, size_t);
 static void rxrpc_destroy(struct key *);
  
@@ -52,11 +53,29 @@
  */
 struct key_type key_type_rxrpc_s = {
 	.name		= "rxrpc_s",
+	.vet_description = rxrpc_vet_description_s,
 	.instantiate	= rxrpc_instantiate_s,
 	.match		= user_match,
 	.destroy	= rxrpc_destroy_s,
 	.describe	= rxrpc_describe,
 };
+
+/*
+ * Vet the description for an RxRPC server key
+ */
+static int rxrpc_vet_description_s(const char *desc)
+{
+	unsigned long num;
+	char *p;
+
+	num = simple_strtoul(desc, &p, 10);
+	if (*p != ':' || num > 65535)
+		return -EINVAL;
+	num = simple_strtoul(p + 1, &p, 10);
+	if (*p || num < 1 || num > 255)
+		return -EINVAL;
+	return 0;
+}
  
 /*
  * parse an RxKAD type XDR format token
@@ -249,6 +249,14 @@
 	if (!desc || !*desc)
 		goto error;
  
+	if (type->vet_description) {
+		ret = type->vet_description(desc);
+		if (ret < 0) {
+			key = ERR_PTR(ret);
+			goto error;
+		}
+	}
+
 	desclen = strlen(desc) + 1;
 	quotalen = desclen + type->def_datalen;
...	...	@@ -1062,6 +1062,13 @@
1062	1062	viable.
1063	1063
1064	1064
	1065	+ () int (vet_description)(const char *description);
	1066	+
	1067	+ This optional method is called to vet a key description. If the key type
	1068	+ doesn't approve of the key description, it may return an error, otherwise
	1069	+ it should return 0.
	1070	+
	1071	+
1065	1072	() int (instantiate)(struct key key, const void data, size_t datalen);
1066	1073
1067	1074	This method is called to attach a payload to a key during construction.
...	...	@@ -41,6 +41,9 @@
41	41	*/
42	42	size_t def_datalen;
43	43
	44	+ /* vet a description */
	45	+ int (vet_description)(const char description);
	46	+
44	47	/* instantiate a key of this type
45	48	* - this method should call key_payload_reserve() to determine if the
46	49	* user's quota will hold the payload
...	...	@@ -25,6 +25,7 @@
25	25	#include <keys/user-type.h>
26	26	#include "ar-internal.h"
27	27
	28	+static int rxrpc_vet_description_s(const char *);
28	29	static int rxrpc_instantiate(struct key , const void , size_t);
29	30	static int rxrpc_instantiate_s(struct key , const void , size_t);
30	31	static void rxrpc_destroy(struct key *);
31	32
...	...	@@ -52,11 +53,29 @@
52	53	*/
53	54	struct key_type key_type_rxrpc_s = {
54	55	.name = "rxrpc_s",
	56	+ .vet_description = rxrpc_vet_description_s,
55	57	.instantiate = rxrpc_instantiate_s,
56	58	.match = user_match,
57	59	.destroy = rxrpc_destroy_s,
58	60	.describe = rxrpc_describe,
59	61	};
	62	+
	63	+/*
	64	+ * Vet the description for an RxRPC server key
	65	+ */
	66	+static int rxrpc_vet_description_s(const char *desc)
	67	+{
	68	+ unsigned long num;
	69	+ char *p;
	70	+
	71	+ num = simple_strtoul(desc, &p, 10);
	72	+ if (*p != ':' \|\| num > 65535)
	73	+ return -EINVAL;
	74	+ num = simple_strtoul(p + 1, &p, 10);
	75	+ if (*p \|\| num < 1 \|\| num > 255)
	76	+ return -EINVAL;
	77	+ return 0;
	78	+}
60	79
61	80	/*
62	81	* parse an RxKAD type XDR format token
...	...	@@ -249,6 +249,14 @@
249	249	if (!desc \|\| !*desc)
250	250	goto error;
251	251
	252	+ if (type->vet_description) {
	253	+ ret = type->vet_description(desc);
	254	+ if (ret < 0) {
	255	+ key = ERR_PTR(ret);
	256	+ goto error;
	257	+ }
	258	+ }
	259	+
252	260	desclen = strlen(desc) + 1;
253	261	quotalen = desclen + type->def_datalen;
254	262