KEYS: Add a key type op to permit the key description to be vetted Add a key type operation to permit the key type to vet the description of a new key that key_alloc() is about to allocate. The operation may reject the description if it wishes with an error of its choosing. If it does this, the key will not be allocated. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24 [log] [tgz]
author: David Howells <dhowells@redhat.com> Mon Mar 07 15:05:59 2011 +0000
committer: James Morris <jmorris@namei.org> Tue Mar 08 11:17:15 2011 +1100
tree: 0f58a92c2616b3663f88935290d32a4c90d57025
parent: 633e804e89464d3875e59de1959a53f9041d3094 [diff]
diff --git a/security/keys/key.c b/security/keys/key.c
index 1c2d43d..8e315ef 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c

@@ -249,6 +249,14 @@
 	if (!desc || !*desc)
 		goto error;
 
+	if (type->vet_description) {
+		ret = type->vet_description(desc);
+		if (ret < 0) {
+			key = ERR_PTR(ret);
+			goto error;
+		}
+	}
+
 	desclen = strlen(desc) + 1;
 	quotalen = desclen + type->def_datalen;
commit	b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Mon Mar 07 15:05:59 2011 +0000
committer	James Morris <jmorris@namei.org>	Tue Mar 08 11:17:15 2011 +1100
tree	0f58a92c2616b3663f88935290d32a4c90d57025
parent	633e804e89464d3875e59de1959a53f9041d3094 [diff]