Commit 7dfa0ca6 authored by David Howells

KEYS: Allow expiry time to be set when preparsing a key

Allow a key type's preparsing routine to set the expiry time for a key.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
parent fc7c70e0
...@@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory: ...@@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory:
const void *data; const void *data;
size_t datalen; size_t datalen;
size_t quotalen; size_t quotalen;
time_t expiry;
}; };
Before calling the method, the caller will fill in data and datalen with Before calling the method, the caller will fill in data and datalen with
the payload blob parameters; quotalen will be filled in with the default the payload blob parameters; quotalen will be filled in with the default
quota size from the key type and the rest will be cleared. quota size from the key type; expiry will be set to TIME_T_MAX and the
rest will be cleared.
If a description can be proposed from the payload contents, that should be If a description can be proposed from the payload contents, that should be
attached as a string to the description field. This will be used for the attached as a string to the description field. This will be used for the
key description if the caller of add_key() passes NULL or "". key description if the caller of add_key() passes NULL or "".
The method can attach anything it likes to type_data[] and payload. These The method can attach anything it likes to type_data[] and payload. These
are merely passed along to the instantiate() or update() operations. are merely passed along to the instantiate() or update() operations. If
set, the expiry time will be applied to the key if it is instantiated from
this data.
The method should return 0 if success ful or a negative error code The method should return 0 if successful or a negative error code
otherwise. otherwise.
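Review bot: the wording "If set, the expiry time will be applied..." in the new paragraph is ambiguous, because the caller always sets expiry (to TIME_T_MAX) before calling the method; say instead that the key's expiry is applied only if preparse() changes expiry from TIME_T_MAX, and state the unit (seconds since the Epoch, matching key->expiry). The same paragraph should also note that the value is honoured only on instantiation, since the key_update() hunk below initialises prep.expiry but nothing there applies it to the key.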
......
...@@ -45,6 +45,7 @@ struct key_preparsed_payload { ...@@ -45,6 +45,7 @@ struct key_preparsed_payload {
const void *data; /* Raw data */ const void *data; /* Raw data */
size_t datalen; /* Raw datalen */ size_t datalen; /* Raw datalen */
size_t quotalen; /* Quota length for proposed payload */ size_t quotalen; /* Quota length for proposed payload */
time_t expiry; /* Expiry time of key */
bool trusted; /* True if key is trusted */ bool trusted; /* True if key is trusted */
}; };
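Review bot: the comment on the new field, "/* Expiry time of key */", should document the sentinel, e.g. "/* Expiry time of key, or TIME_T_MAX for no expiry */", since every consumer has to compare against TIME_T_MAX (as __key_instantiate_and_link does) and a key type author reading only this header has no way to know that.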
......
...@@ -437,6 +437,11 @@ static int __key_instantiate_and_link(struct key *key, ...@@ -437,6 +437,11 @@ static int __key_instantiate_and_link(struct key *key,
/* disable the authorisation key */ /* disable the authorisation key */
if (authkey) if (authkey)
key_revoke(authkey); key_revoke(authkey);
if (prep->expiry != TIME_T_MAX) {
key->expiry = prep->expiry;
key_schedule_gc(prep->expiry + key_gc_delay);
}
} }
} }
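Review bot: the new block guards only against TIME_T_MAX; a preparse routine that leaves expiry at 0 or sets a time already in the past would still be copied into key->expiry and have a GC run scheduled, and `prep->expiry + key_gc_delay` can wrap if a type sets expiry close to TIME_T_MAX. Consider rejecting or clamping such values in the preparse callers (or checking `prep->expiry > 0` here) and schedule the GC only for a sane future time.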
...@@ -479,6 +484,7 @@ int key_instantiate_and_link(struct key *key, ...@@ -479,6 +484,7 @@ int key_instantiate_and_link(struct key *key,
prep.data = data; prep.data = data;
prep.datalen = datalen; prep.datalen = datalen;
prep.quotalen = key->type->def_datalen; prep.quotalen = key->type->def_datalen;
prep.expiry = TIME_T_MAX;
if (key->type->preparse) { if (key->type->preparse) {
ret = key->type->preparse(&prep); ret = key->type->preparse(&prep);
if (ret < 0) if (ret < 0)
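Review bot: `prep.expiry = TIME_T_MAX;` is now the third field initialised by hand here, and the same three-line sequence is repeated in key_create_or_update() and key_update(); a small helper (or a designated initialiser) that fills data, datalen, quotalen and expiry in one place would keep the three call sites from drifting when the next field is added to struct key_preparsed_payload.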
...@@ -811,6 +817,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, ...@@ -811,6 +817,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
prep.datalen = plen; prep.datalen = plen;
prep.quotalen = index_key.type->def_datalen; prep.quotalen = index_key.type->def_datalen;
prep.trusted = flags & KEY_ALLOC_TRUSTED; prep.trusted = flags & KEY_ALLOC_TRUSTED;
prep.expiry = TIME_T_MAX;
if (index_key.type->preparse) { if (index_key.type->preparse) {
ret = index_key.type->preparse(&prep); ret = index_key.type->preparse(&prep);
if (ret < 0) { if (ret < 0) {
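Review bot: the documentation hunk promises that "expiry will be set to TIME_T_MAX and the rest will be cleared", but this hunk shows only the explicit assignments (data, datalen, quotalen, trusted, expiry) and no clearing of the remaining fields (description, type_data[], payload); please confirm a memset or zero-initialiser of prep precedes these lines, or add one, so preparse() does not see stale values.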
...@@ -941,6 +948,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) ...@@ -941,6 +948,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
prep.data = payload; prep.data = payload;
prep.datalen = plen; prep.datalen = plen;
prep.quotalen = key->type->def_datalen; prep.quotalen = key->type->def_datalen;
prep.expiry = TIME_T_MAX;
if (key->type->preparse) { if (key->type->preparse) {
ret = key->type->preparse(&prep); ret = key->type->preparse(&prep);
if (ret < 0) if (ret < 0)
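Review bot: this hunk initialises prep.expiry but the update path never reads it back, so a key type that sets an expiry during preparse() for key_update() will have the value silently dropped (only __key_instantiate_and_link applies prep->expiry). Either apply it after a successful update(), e.g. `if (prep.expiry != TIME_T_MAX) { key->expiry = prep.expiry; key_schedule_gc(prep.expiry + key_gc_delay); }`, or state in keys.txt that expiry is ignored on update.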
......