KEYS: Remove key_type::match in favour of overriding default by match_preparse

A previous patch added a ->match_preparse() method to the key type. This is allowed to override the function called by the iteration algorithm. Therefore, we can just set a default that simply checks for an exact match of the key description with the original criterion data and allow match_preparse to override it as needed. The key_type::match op is then redundant and can be removed, as can the user_match() function. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>

KEYS: Remove key_type::match in favour of overriding default by match_preparse
A previous patch added a ->match_preparse() method to the key type. This is allowed to override the function called by the iteration algorithm. Therefore, we can just set a default that simply checks for an exact match of the key description with the original criterion data and allow match_preparse to override it as needed. The key_type::match op is then redundant and can be removed, as can the user_match() function. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells · Eric Lee · Eric Lee
1 parent 614d8c3901
Showing 19 changed files with 31 additions and 45 deletions Side-by-side Diff
crypto/asymmetric_keys/asymmetric_type.c
crypto/asymmetric_keys/pkcs7_key_type.c
fs/cifs/cifs_spnego.c
fs/cifs/cifsacl.c
fs/nfs/idmap.c
include/keys/user-type.h
include/linux/key-type.h
net/ceph/crypto.c
net/dns_resolver/dns_key.c
net/rxrpc/ar-key.c
security/keys/big_key.c
security/keys/encrypted-keys/encrypted.c
security/keys/internal.h
security/keys/key.c
security/keys/keyring.c
security/keys/request_key.c
security/keys/request_key_auth.c
security/keys/trusted.c
security/keys/user_defined.c
@@ -59,8 +59,8 @@
  *	"id:<id>"	- request a key matching the ID
  *	"<subtype>:<id>" - request a key of a subtype
  */
-static int asymmetric_key_match(const struct key *key,
-				const struct key_match_data *match_data)
+static int asymmetric_key_cmp(const struct key *key,
+			      const struct key_match_data *match_data)
 {
 	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
 	const char *description = match_data->raw_data;
@@ -110,6 +110,7 @@
 static int asymmetric_key_match_preparse(struct key_match_data *match_data)
 {
 	match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
+	match_data->cmp = asymmetric_key_cmp;
 	return 0;
 }
  
@@ -224,7 +225,6 @@
 	.free_preparse	= asymmetric_key_free_preparse,
 	.instantiate	= generic_key_instantiate,
 	.match_preparse	= asymmetric_key_match_preparse,
-	.match		= asymmetric_key_match,
 	.match_free	= asymmetric_key_match_free,
 	.destroy	= asymmetric_key_destroy,
 	.describe	= asymmetric_key_describe,
@@ -75,7 +75,6 @@
 	.preparse		= pkcs7_preparse,
 	.free_preparse		= user_free_preparse,
 	.instantiate		= generic_key_instantiate,
-	.match			= user_match,
 	.revoke			= user_revoke,
 	.destroy		= user_destroy,
 	.describe		= user_describe,
@@ -62,7 +62,6 @@
 struct key_type cifs_spnego_key_type = {
 	.name		= "cifs.spnego",
 	.instantiate	= cifs_spnego_key_instantiate,
-	.match		= user_match,
 	.destroy	= cifs_spnego_key_destroy,
 	.describe	= user_describe,
 };
@@ -84,7 +84,6 @@
 	.instantiate = cifs_idmap_key_instantiate,
 	.destroy     = cifs_idmap_key_destroy,
 	.describe    = user_describe,
-	.match       = user_match,
 };
  
 static char *
@@ -177,7 +177,6 @@
 	.preparse	= user_preparse,
 	.free_preparse	= user_free_preparse,
 	.instantiate	= generic_key_instantiate,
-	.match		= user_match,
 	.revoke		= user_revoke,
 	.destroy	= user_destroy,
 	.describe	= user_describe,
@@ -401,7 +400,6 @@
 	.preparse	= user_preparse,
 	.free_preparse	= user_free_preparse,
 	.instantiate	= generic_key_instantiate,
-	.match		= user_match,
 	.revoke		= user_revoke,
 	.destroy	= user_destroy,
 	.describe	= user_describe,
@@ -36,13 +36,10 @@
 extern struct key_type key_type_logon;
  
 struct key_preparsed_payload;
-struct key_match_data;
  
 extern int user_preparse(struct key_preparsed_payload *prep);
 extern void user_free_preparse(struct key_preparsed_payload *prep);
 extern int user_update(struct key *key, struct key_preparsed_payload *prep);
-extern int user_match(const struct key *key,
-		      const struct key_match_data *match_data);
 extern void user_revoke(struct key *key);
 extern void user_destroy(struct key *key);
 extern void user_describe(const struct key *user, struct seq_file *m);
@@ -113,10 +113,6 @@
 	 */
 	int (*match_preparse)(struct key_match_data *match_data);
  
-	/* match a key against a description */
-	int (*match)(const struct key *key,
-		     const struct key_match_data *match_data);
-
 	/* Free preparsed match data (optional).  This should be supplied it
 	 * ->match_preparse() is supplied. */
 	void (*match_free)(struct key_match_data *match_data);
@@ -476,7 +476,6 @@
 	.preparse	= ceph_key_preparse,
 	.free_preparse	= ceph_key_free_preparse,
 	.instantiate	= generic_key_instantiate,
-	.match		= user_match,
 	.destroy	= ceph_key_destroy,
 };
  
@@ -176,9 +176,8 @@
  * The domain name may be a simple name or an absolute domain name (which
  * should end with a period).  The domain name is case-independent.
  */
-static int
-dns_resolver_match(const struct key *key,
-		   const struct key_match_data *match_data)
+static int dns_resolver_cmp(const struct key *key,
+			    const struct key_match_data *match_data)
 {
 	int slen, dlen, ret = 0;
 	const char *src = key->description, *dsp = match_data->raw_data;
@@ -210,6 +209,16 @@
 }
  
 /*
+ * Preparse the match criterion.
+ */
+static int dns_resolver_match_preparse(struct key_match_data *match_data)
+{
+	match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
+	match_data->cmp = dns_resolver_cmp;
+	return 0;
+}
+
+/*
  * Describe a DNS key
  */
 static void dns_resolver_describe(const struct key *key, struct seq_file *m)
@@ -243,7 +252,7 @@
 	.preparse	= dns_resolver_preparse,
 	.free_preparse	= dns_resolver_free_preparse,
 	.instantiate	= generic_key_instantiate,
-	.match		= dns_resolver_match,
+	.match_preparse	= dns_resolver_match_preparse,
 	.revoke		= user_revoke,
 	.destroy	= user_destroy,
 	.describe	= dns_resolver_describe,
@@ -44,7 +44,6 @@
 	.preparse	= rxrpc_preparse,
 	.free_preparse	= rxrpc_free_preparse,
 	.instantiate	= generic_key_instantiate,
-	.match		= user_match,
 	.destroy	= rxrpc_destroy,
 	.describe	= rxrpc_describe,
 	.read		= rxrpc_read,
@@ -61,7 +60,6 @@
 	.preparse	= rxrpc_preparse_s,
 	.free_preparse	= rxrpc_free_preparse_s,
 	.instantiate	= generic_key_instantiate,
-	.match		= user_match,
 	.destroy	= rxrpc_destroy_s,
 	.describe	= rxrpc_describe,
 };
@@ -36,7 +36,6 @@
 	.preparse		= big_key_preparse,
 	.free_preparse		= big_key_free_preparse,
 	.instantiate		= generic_key_instantiate,
-	.match			= user_match,
 	.revoke			= big_key_revoke,
 	.destroy		= big_key_destroy,
 	.describe		= big_key_describe,
@@ -970,7 +970,6 @@
 	.name = "encrypted",
 	.instantiate = encrypted_instantiate,
 	.update = encrypted_update,
-	.match = user_match,
 	.destroy = encrypted_destroy,
 	.describe = user_describe,
 	.read = encrypted_read,
@@ -127,6 +127,8 @@
 	struct timespec		now;
 };
  
+extern int key_default_cmp(const struct key *key,
+			   const struct key_match_data *match_data);
 extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
 				    struct keyring_search_context *ctx);
  
@@ -799,7 +799,7 @@
 	}
  
 	key_ref = ERR_PTR(-EINVAL);
-	if (!index_key.type->match || !index_key.type->instantiate ||
+	if (!index_key.type->instantiate ||
 	    (!index_key.description && !index_key.type->preparse))
 		goto error_put_type;
  
@@ -89,7 +89,6 @@
 	.preparse	= keyring_preparse,
 	.free_preparse	= keyring_free_preparse,
 	.instantiate	= keyring_instantiate,
-	.match		= user_match,
 	.revoke		= keyring_revoke,
 	.destroy	= keyring_destroy,
 	.describe	= keyring_describe,
@@ -512,6 +511,15 @@
 EXPORT_SYMBOL(keyring_alloc);
  
 /*
+ * By default, we keys found by getting an exact match on their descriptions.
+ */
+int key_default_cmp(const struct key *key,
+		    const struct key_match_data *match_data)
+{
+	return strcmp(key->description, match_data->raw_data) == 0;
+}
+
+/*
  * Iteration function to consider each key found.
  */
 static int keyring_search_iterator(const void *object, void *iterator_data)
  
@@ -884,16 +892,13 @@
 		.index_key.type		= type,
 		.index_key.description	= description,
 		.cred			= current_cred(),
-		.match_data.cmp		= type->match,
+		.match_data.cmp		= key_default_cmp,
 		.match_data.raw_data	= description,
 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
 		.flags			= KEYRING_SEARCH_DO_STATE_CHECK,
 	};
 	key_ref_t key;
 	int ret;
-
-	if (!ctx.match_data.cmp)
-		return ERR_PTR(-ENOKEY);
  
 	if (type->match_preparse) {
 		ret = type->match_preparse(&ctx.match_data);
@@ -531,7 +531,7 @@
 		.index_key.type		= type,
 		.index_key.description	= description,
 		.cred			= current_cred(),
-		.match_data.cmp		= type->match,
+		.match_data.cmp		= key_default_cmp,
 		.match_data.raw_data	= description,
 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
 	};
@@ -246,7 +246,7 @@
 		.index_key.type		= &key_type_request_key_auth,
 		.index_key.description	= description,
 		.cred			= current_cred(),
-		.match_data.cmp		= user_match,
+		.match_data.cmp		= key_default_cmp,
 		.match_data.raw_data	= description,
 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
 	};
@@ -1096,7 +1096,6 @@
 	.name = "trusted",
 	.instantiate = trusted_instantiate,
 	.update = trusted_update,
-	.match = user_match,
 	.destroy = trusted_destroy,
 	.describe = user_describe,
 	.read = trusted_read,
@@ -30,7 +30,6 @@
 	.free_preparse		= user_free_preparse,
 	.instantiate		= generic_key_instantiate,
 	.update			= user_update,
-	.match			= user_match,
 	.revoke			= user_revoke,
 	.destroy		= user_destroy,
 	.describe		= user_describe,
@@ -51,7 +50,6 @@
 	.free_preparse		= user_free_preparse,
 	.instantiate		= generic_key_instantiate,
 	.update			= user_update,
-	.match			= user_match,
 	.revoke			= user_revoke,
 	.destroy		= user_destroy,
 	.describe		= user_describe,
@@ -135,16 +133,6 @@
 }
  
 EXPORT_SYMBOL_GPL(user_update);
-
-/*
- * match users on their name
- */
-int user_match(const struct key *key, const struct key_match_data *match_data)
-{
-	return strcmp(key->description, match_data->raw_data) == 0;
-}
-
-EXPORT_SYMBOL_GPL(user_match);
  
 /*
  * dispose of the links from a revoked keyring
...	...	@@ -59,8 +59,8 @@
59	59	* "id:<id>" - request a key matching the ID
60	60	* "<subtype>:<id>" - request a key of a subtype
61	61	*/
62		-static int asymmetric_key_match(const struct key *key,
63		- const struct key_match_data *match_data)
	62	+static int asymmetric_key_cmp(const struct key *key,
	63	+ const struct key_match_data *match_data)
64	64	{
65	65	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
66	66	const char *description = match_data->raw_data;
...	...	@@ -110,6 +110,7 @@
110	110	static int asymmetric_key_match_preparse(struct key_match_data *match_data)
111	111	{
112	112	match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
	113	+ match_data->cmp = asymmetric_key_cmp;
113	114	return 0;
114	115	}
115	116
...	...	@@ -224,7 +225,6 @@
224	225	.free_preparse = asymmetric_key_free_preparse,
225	226	.instantiate = generic_key_instantiate,
226	227	.match_preparse = asymmetric_key_match_preparse,
227		- .match = asymmetric_key_match,
228	228	.match_free = asymmetric_key_match_free,
229	229	.destroy = asymmetric_key_destroy,
230	230	.describe = asymmetric_key_describe,
...	...	@@ -75,7 +75,6 @@
75	75	.preparse = pkcs7_preparse,
76	76	.free_preparse = user_free_preparse,
77	77	.instantiate = generic_key_instantiate,
78		- .match = user_match,
79	78	.revoke = user_revoke,
80	79	.destroy = user_destroy,
81	80	.describe = user_describe,
...	...	@@ -62,7 +62,6 @@
62	62	struct key_type cifs_spnego_key_type = {
63	63	.name = "cifs.spnego",
64	64	.instantiate = cifs_spnego_key_instantiate,
65		- .match = user_match,
66	65	.destroy = cifs_spnego_key_destroy,
67	66	.describe = user_describe,
68	67	};
...	...	@@ -84,7 +84,6 @@
84	84	.instantiate = cifs_idmap_key_instantiate,
85	85	.destroy = cifs_idmap_key_destroy,
86	86	.describe = user_describe,
87		- .match = user_match,
88	87	};
89	88
90	89	static char *
...	...	@@ -177,7 +177,6 @@
177	177	.preparse = user_preparse,
178	178	.free_preparse = user_free_preparse,
179	179	.instantiate = generic_key_instantiate,
180		- .match = user_match,
181	180	.revoke = user_revoke,
182	181	.destroy = user_destroy,
183	182	.describe = user_describe,
...	...	@@ -401,7 +400,6 @@
401	400	.preparse = user_preparse,
402	401	.free_preparse = user_free_preparse,
403	402	.instantiate = generic_key_instantiate,
404		- .match = user_match,
405	403	.revoke = user_revoke,
406	404	.destroy = user_destroy,
407	405	.describe = user_describe,
...	...	@@ -36,13 +36,10 @@
36	36	extern struct key_type key_type_logon;
37	37
38	38	struct key_preparsed_payload;
39		-struct key_match_data;
40	39
41	40	extern int user_preparse(struct key_preparsed_payload *prep);
42	41	extern void user_free_preparse(struct key_preparsed_payload *prep);
43	42	extern int user_update(struct key key, struct key_preparsed_payload prep);
44		-extern int user_match(const struct key *key,
45		- const struct key_match_data *match_data);
46	43	extern void user_revoke(struct key *key);
47	44	extern void user_destroy(struct key *key);
48	45	extern void user_describe(const struct key user, struct seq_file m);
...	...	@@ -113,10 +113,6 @@
113	113	*/
114	114	int (match_preparse)(struct key_match_data match_data);
115	115
116		- /* match a key against a description */
117		- int (match)(const struct key key,
118		- const struct key_match_data *match_data);
119		-
120	116	/* Free preparsed match data (optional). This should be supplied it
121	117	* ->match_preparse() is supplied. */
122	118	void (match_free)(struct key_match_data match_data);
...	...	@@ -476,7 +476,6 @@
476	476	.preparse = ceph_key_preparse,
477	477	.free_preparse = ceph_key_free_preparse,
478	478	.instantiate = generic_key_instantiate,
479		- .match = user_match,
480	479	.destroy = ceph_key_destroy,
481	480	};
482	481
...	...	@@ -176,9 +176,8 @@
176	176	* The domain name may be a simple name or an absolute domain name (which
177	177	* should end with a period). The domain name is case-independent.
178	178	*/
179		-static int
180		-dns_resolver_match(const struct key *key,
181		- const struct key_match_data *match_data)
	179	+static int dns_resolver_cmp(const struct key *key,
	180	+ const struct key_match_data *match_data)
182	181	{
183	182	int slen, dlen, ret = 0;
184	183	const char src = key->description, dsp = match_data->raw_data;
...	...	@@ -210,6 +209,16 @@
210	209	}
211	210
212	211	/*
	212	+ * Preparse the match criterion.
	213	+ */
	214	+static int dns_resolver_match_preparse(struct key_match_data *match_data)
	215	+{
	216	+ match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
	217	+ match_data->cmp = dns_resolver_cmp;
	218	+ return 0;
	219	+}
	220	+
	221	+/*
213	222	* Describe a DNS key
214	223	*/
215	224	static void dns_resolver_describe(const struct key key, struct seq_file m)
...	...	@@ -243,7 +252,7 @@
243	252	.preparse = dns_resolver_preparse,
244	253	.free_preparse = dns_resolver_free_preparse,
245	254	.instantiate = generic_key_instantiate,
246		- .match = dns_resolver_match,
	255	+ .match_preparse = dns_resolver_match_preparse,
247	256	.revoke = user_revoke,
248	257	.destroy = user_destroy,
249	258	.describe = dns_resolver_describe,
...	...	@@ -44,7 +44,6 @@
44	44	.preparse = rxrpc_preparse,
45	45	.free_preparse = rxrpc_free_preparse,
46	46	.instantiate = generic_key_instantiate,
47		- .match = user_match,
48	47	.destroy = rxrpc_destroy,
49	48	.describe = rxrpc_describe,
50	49	.read = rxrpc_read,
...	...	@@ -61,7 +60,6 @@
61	60	.preparse = rxrpc_preparse_s,
62	61	.free_preparse = rxrpc_free_preparse_s,
63	62	.instantiate = generic_key_instantiate,
64		- .match = user_match,
65	63	.destroy = rxrpc_destroy_s,
66	64	.describe = rxrpc_describe,
67	65	};