keys: allow the callout data to be passed as a blob rather than a string

[linux-2.6-omap-h63xx.git] / security / keys / request_key_auth.c

diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index cb9817ced3fd8ce3419bf52d449f6b191d8bbed4..c615d473ce7ce2f6280845b3ea0f794e19cf944c 100644 (file)
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -61,7 +61,7 @@ static void request_key_auth_describe(const struct key *key,
 
        seq_puts(m, "key:");
        seq_puts(m, key->description);
-       seq_printf(m, " pid:%d ci:%zu", rka->pid, strlen(rka->callout_info));
+       seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
 
 } /* end request_key_auth_describe() */
 
@@ -77,7 +77,7 @@ static long request_key_auth_read(const struct key *key,
        size_t datalen;
        long ret;
 
-       datalen = strlen(rka->callout_info);
+       datalen = rka->callout_len;
        ret = datalen;
 
        /* we can return the data as is */
@@ -127,6 +127,7 @@ static void request_key_auth_destroy(struct key *key)
        }
 
        key_put(rka->target_key);
+       kfree(rka->callout_info);
        kfree(rka);
 
 } /* end request_key_auth_destroy() */
@@ -136,7 +137,8 @@ static void request_key_auth_destroy(struct key *key)
  * create an authorisation token for /sbin/request-key or whoever to gain
  * access to the caller's security data
  */
-struct key *request_key_auth_new(struct key *target, const char *callout_info)
+struct key *request_key_auth_new(struct key *target, const void *callout_info,
+                                size_t callout_len)
 {
        struct request_key_auth *rka, *irka;
        struct key *authkey = NULL;
@@ -151,6 +153,12 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
                kleave(" = -ENOMEM");
                return ERR_PTR(-ENOMEM);
        }
+       rka->callout_info = kmalloc(callout_len, GFP_KERNEL);
+       if (!rka->callout_info) {
+               kleave(" = -ENOMEM");
+               kfree(rka);
+               return ERR_PTR(-ENOMEM);
+       }
 
        /* see if the calling process is already servicing the key request of
         * another process */
@@ -179,7 +187,8 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
        }
 
        rka->target_key = key_get(target);
-       rka->callout_info = callout_info;
+       memcpy(rka->callout_info, callout_info, callout_len);
+       rka->callout_len = callout_len;
 
        /* allocate the auth key */
        sprintf(desc, "%x", target->serial);
@@ -187,7 +196,7 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
        authkey = key_alloc(&key_type_request_key_auth, desc,
                            current->fsuid, current->fsgid, current,
                            KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
-                           KEY_USR_VIEW, 1);
+                           KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
        if (IS_ERR(authkey)) {
                ret = PTR_ERR(authkey);
                goto error_alloc;
@@ -203,6 +212,7 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
 
 auth_key_revoked:
        up_read(&current->request_key_auth->sem);
+       kfree(rka->callout_info);
        kfree(rka);
        kleave("= -EKEYREVOKED");
        return ERR_PTR(-EKEYREVOKED);
@@ -212,6 +222,7 @@ error_inst:
        key_put(authkey);
 error_alloc:
        key_put(rka->target_key);
+       kfree(rka->callout_info);
        kfree(rka);
        kleave("= %d", ret);
        return ERR_PTR(ret);
@@ -252,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
                current);
 
        if (IS_ERR(authkey_ref)) {
-               authkey = ERR_PTR(PTR_ERR(authkey_ref));
+               authkey = ERR_CAST(authkey_ref);
                goto error;
        }