Commit 1d9b7d97 authored by David Howells's avatar David Howells Committed by Linus Torvalds

[PATCH] Keys: Replace duplicate non-updateable keys rather than failing

Cause an attempt to add a duplicate non-updateable key (such as a keyring) to
a keyring to discard the extant copy in favour of the new one rather than
failing with EEXIST:

	# do the test in an empty session
	keyctl session
	# create a new keyring called "a" and attach to session
	keyctl newring a @s
	# create another new keyring called "a" and attach to session,
	# displacing the keyring added by the second command:
	keyctl newring a @s

Without this patch, the third command will fail.

For updateable keys (such as those of "user" type), the update method will
still be called rather than a new key being created.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 3dccff8d
...@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, ...@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
goto error_3; goto error_3;
} }
/* search for an existing key of the same type and description in the /* if it's possible to update this type of key, search for an existing
* destination keyring * key of the same type and description in the destination keyring and
* update that instead if possible
*/ */
key_ref = __keyring_search_one(keyring_ref, ktype, description, 0); if (ktype->update) {
if (!IS_ERR(key_ref)) key_ref = __keyring_search_one(keyring_ref, ktype, description,
goto found_matching_key; 0);
if (!IS_ERR(key_ref))
goto found_matching_key;
}
/* decide on the permissions we want */ /* decide on the permissions we want */
perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment