提交 44313f67 编写于 作者: K Krzysztof Struczynski 提交者: Zheng Zengkai

keys: Include key domain tag in the iterative search

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I49KW1
CVE: NA

--------------------------------

Add domain tag to the key_match_data. If set, check domain tag in the
default match function and asymmetric keys match functions.

This allows the key domain tag to be used as a search criterion in
the iterative search, not only in the direct lookup that is based on
the index key.
Signed-off-by: NKrzysztof Struczynski <krzysztof.struczynski@huawei.com>
Reviewed-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
上级 d3ef5f85
......@@ -249,9 +249,15 @@ static bool asymmetric_key_cmp(const struct key *key,
{
const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
const struct asymmetric_key_id *match_id = match_data->preparsed;
bool match;
return asymmetric_match_key_ids(kids, match_id,
asymmetric_key_id_same);
match = asymmetric_match_key_ids(kids, match_id,
asymmetric_key_id_same);
if (match_data->domain_tag)
match &= key->index_key.domain_tag == match_data->domain_tag;
return match;
}
/*
......@@ -262,9 +268,15 @@ static bool asymmetric_key_cmp_partial(const struct key *key,
{
const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
const struct asymmetric_key_id *match_id = match_data->preparsed;
bool match;
match = asymmetric_match_key_ids(kids, match_id,
asymmetric_key_id_partial);
if (match_data->domain_tag)
match &= key->index_key.domain_tag == match_data->domain_tag;
return asymmetric_match_key_ids(kids, match_id,
asymmetric_key_id_partial);
return match;
}
/*
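Review bot: The domain-tag test added to asymmetric_key_cmp and asymmetric_key_cmp_partial is the same three lines, and it appears a third time in key_default_cmp in the keyring file. Because this comparison decides whether a key from another domain is returned, it is worth keeping in one place, for example a small static inline next to struct key_match_data whose body is `return !match_data->domain_tag || key->index_key.domain_tag == match_data->domain_tag;`. Calling it before asymmetric_match_key_ids would also let a domain mismatch return early and avoids `&=` on a bool.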
......
......@@ -55,6 +55,7 @@ struct key_match_data {
unsigned lookup_type; /* Type of lookup for this search. */
#define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */
#define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */
struct key_tag *domain_tag; /* Key domain tag */
};
/*
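Review bot: The comment on the new `domain_tag` field does not say what a NULL value means. The compare functions changed in this commit skip the check when the pointer is NULL, so an unset tag matches keys in every domain; that default should be documented, e.g. `/* Domain tag required of a match; NULL = any domain */`. The field is also read on every compare, so it relies on each place that builds a key_match_data zero-initialising it; those sites are not visible on this page and should be confirmed.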
......
......@@ -565,7 +565,13 @@ int restrict_link_reject(struct key *keyring,
bool key_default_cmp(const struct key *key,
const struct key_match_data *match_data)
{
return strcmp(key->description, match_data->raw_data) == 0;
bool match;
match = strcmp(key->description, match_data->raw_data) == 0;
if (match_data->domain_tag)
match &= key->index_key.domain_tag == match_data->domain_tag;
return match;
}
/*
......@@ -957,6 +963,8 @@ key_ref_t keyring_search_tag(key_ref_t keyring,
if (recurse)
ctx.flags |= KEYRING_SEARCH_RECURSE;
if (domain_tag)
ctx.match_data.domain_tag = domain_tag;
if (type->match_preparse) {
ret = type->match_preparse(&ctx.match_data);
if (ret < 0)
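Review bot: The tag stored by keyring_search_tag is enforced only inside the compare functions this commit edits (key_default_cmp here and the two asymmetric ones), yet `type->match_preparse` runs right after the assignment and can presumably install a different `cmp`. For such a key type the iterative search would ignore `domain_tag` and could return a key from another domain without any error; whether such types exist in this tree is not visible from the hunk. Checking the tag once where the iterator calls `match_data.cmp` (outside this hunk) would cover every key type. At minimum, a comment above the assignment such as `/* only honoured by cmp functions that test match_data.domain_tag */` would record the limitation.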
......