KEYS: Remove key_type::match in favour of overriding default by match_preparse
authorDavid Howells <dhowells@redhat.com>
Tue, 16 Sep 2014 16:36:06 +0000 (17:36 +0100)
committerDavid Howells <dhowells@redhat.com>
Tue, 16 Sep 2014 16:36:06 +0000 (17:36 +0100)
A previous patch added a ->match_preparse() method to the key type.  This is
allowed to override the function called by the iteration algorithm.
Therefore, we can just set a default that simply checks for an exact match of
the key description with the original criterion data and allow match_preparse
to override it as needed.

The key_type::match op is then redundant and can be removed, as can the
user_match() function.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
19 files changed:
crypto/asymmetric_keys/asymmetric_type.c
crypto/asymmetric_keys/pkcs7_key_type.c
fs/cifs/cifs_spnego.c
fs/cifs/cifsacl.c
fs/nfs/idmap.c
include/keys/user-type.h
include/linux/key-type.h
net/ceph/crypto.c
net/dns_resolver/dns_key.c
net/rxrpc/ar-key.c
security/keys/big_key.c
security/keys/encrypted-keys/encrypted.c
security/keys/internal.h
security/keys/key.c
security/keys/keyring.c
security/keys/request_key.c
security/keys/request_key_auth.c
security/keys/trusted.c
security/keys/user_defined.c

index 9d78ad7754d9aa13cf24ed9d70925d4e7c43495a..7c04989689757da3284da98c0e7b933143b89c1b 100644 (file)
@@ -59,8 +59,8 @@ EXPORT_SYMBOL_GPL(asymmetric_keyid_match);
  *     "id:<id>"       - request a key matching the ID
  *     "<subtype>:<id>" - request a key of a subtype
  */
-static int asymmetric_key_match(const struct key *key,
-                               const struct key_match_data *match_data)
+static int asymmetric_key_cmp(const struct key *key,
+                             const struct key_match_data *match_data)
 {
        const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
        const char *description = match_data->raw_data;
@@ -110,6 +110,7 @@ static int asymmetric_key_match(const struct key *key,
 static int asymmetric_key_match_preparse(struct key_match_data *match_data)
 {
        match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
+       match_data->cmp = asymmetric_key_cmp;
        return 0;
 }
 
@@ -224,7 +225,6 @@ struct key_type key_type_asymmetric = {
        .free_preparse  = asymmetric_key_free_preparse,
        .instantiate    = generic_key_instantiate,
        .match_preparse = asymmetric_key_match_preparse,
-       .match          = asymmetric_key_match,
        .match_free     = asymmetric_key_match_free,
        .destroy        = asymmetric_key_destroy,
        .describe       = asymmetric_key_describe,
index d1faa1df1decdd24396d1be7fe507c64a1dcc7e4..751f8fd7335db2203f7257edc8ad680dc7ea2a14 100644 (file)
@@ -75,7 +75,6 @@ static struct key_type key_type_pkcs7 = {
        .preparse               = pkcs7_preparse,
        .free_preparse          = user_free_preparse,
        .instantiate            = generic_key_instantiate,
-       .match                  = user_match,
        .revoke                 = user_revoke,
        .destroy                = user_destroy,
        .describe               = user_describe,
index a3e932547617ea016ebb59ff2c9aa738d157153b..f4cf200b3c76714ca5a059b1ecdcca6f2e77b338 100644 (file)
@@ -62,7 +62,6 @@ cifs_spnego_key_destroy(struct key *key)
 struct key_type cifs_spnego_key_type = {
        .name           = "cifs.spnego",
        .instantiate    = cifs_spnego_key_instantiate,
-       .match          = user_match,
        .destroy        = cifs_spnego_key_destroy,
        .describe       = user_describe,
 };
index 7ff866dbb89eb7b31033ce1e99f7b56f664fbdf6..6d00c419cbae0b54016ba997f55baf1ac7c54956 100644 (file)
@@ -84,7 +84,6 @@ static struct key_type cifs_idmap_key_type = {
        .instantiate = cifs_idmap_key_instantiate,
        .destroy     = cifs_idmap_key_destroy,
        .describe    = user_describe,
-       .match       = user_match,
 };
 
 static char *
index 7dd55b745c4d96cf07de07fc1a925a3590fbd802..2f5db844c172534a229d86b011be1f6ec2c29aff 100644 (file)
@@ -177,7 +177,6 @@ static struct key_type key_type_id_resolver = {
        .preparse       = user_preparse,
        .free_preparse  = user_free_preparse,
        .instantiate    = generic_key_instantiate,
-       .match          = user_match,
        .revoke         = user_revoke,
        .destroy        = user_destroy,
        .describe       = user_describe,
@@ -401,7 +400,6 @@ static struct key_type key_type_id_resolver_legacy = {
        .preparse       = user_preparse,
        .free_preparse  = user_free_preparse,
        .instantiate    = generic_key_instantiate,
-       .match          = user_match,
        .revoke         = user_revoke,
        .destroy        = user_destroy,
        .describe       = user_describe,
index 66d92af30e7c0e5c32edbd308ebbb3f49c04b6df..cebefb069c44a51bed96e7fc671f0e839bf94d6a 100644 (file)
@@ -36,13 +36,10 @@ extern struct key_type key_type_user;
 extern struct key_type key_type_logon;
 
 struct key_preparsed_payload;
-struct key_match_data;
 
 extern int user_preparse(struct key_preparsed_payload *prep);
 extern void user_free_preparse(struct key_preparsed_payload *prep);
 extern int user_update(struct key *key, struct key_preparsed_payload *prep);
-extern int user_match(const struct key *key,
-                     const struct key_match_data *match_data);
 extern void user_revoke(struct key *key);
 extern void user_destroy(struct key *key);
 extern void user_describe(const struct key *user, struct seq_file *m);
index bf93ea6092738706871003c742b27cf12a96084b..c14816bd3b44f14db29787ec90bc3da5ef4a83f9 100644 (file)
@@ -113,10 +113,6 @@ struct key_type {
         */
        int (*match_preparse)(struct key_match_data *match_data);
 
-       /* match a key against a description */
-       int (*match)(const struct key *key,
-                    const struct key_match_data *match_data);
-
        /* Free preparsed match data (optional).  This should be supplied it
         * ->match_preparse() is supplied. */
        void (*match_free)(struct key_match_data *match_data);
index ffeba8f9dda929df4f111a9ef652cf1830f348a9..62fc5e7a9acf7506eba2de7ae314ba6067870ceb 100644 (file)
@@ -476,7 +476,6 @@ struct key_type key_type_ceph = {
        .preparse       = ceph_key_preparse,
        .free_preparse  = ceph_key_free_preparse,
        .instantiate    = generic_key_instantiate,
-       .match          = user_match,
        .destroy        = ceph_key_destroy,
 };
 
index 92df6e508ae7d094601282700d98eedea2b8877f..a07b9ba7e0b7bfaa351dc90750c3ca2590b816eb 100644 (file)
@@ -176,9 +176,8 @@ static void dns_resolver_free_preparse(struct key_preparsed_payload *prep)
  * The domain name may be a simple name or an absolute domain name (which
  * should end with a period).  The domain name is case-independent.
  */
-static int
-dns_resolver_match(const struct key *key,
-                  const struct key_match_data *match_data)
+static int dns_resolver_cmp(const struct key *key,
+                           const struct key_match_data *match_data)
 {
        int slen, dlen, ret = 0;
        const char *src = key->description, *dsp = match_data->raw_data;
@@ -209,6 +208,16 @@ no_match:
        return ret;
 }
 
+/*
+ * Preparse the match criterion.
+ */
+static int dns_resolver_match_preparse(struct key_match_data *match_data)
+{
+       match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
+       match_data->cmp = dns_resolver_cmp;
+       return 0;
+}
+
 /*
  * Describe a DNS key
  */
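Review bot: The comment on `dns_resolver_match_preparse()` ("Preparse the match criterion.") does not say why the lookup type is switched to `KEYRING_SEARCH_LOOKUP_ITERATE`, which is the one thing a maintainer needs to know before touching it. Going by the comment above `dns_resolver_cmp()`, names are case-independent and may end with a period, so an exact-description direct lookup would presumably miss valid keys. I would say so, e.g. `/* Names match case-independently and may carry a trailing '.', so a direct index lookup cannot be used: iterate and compare with dns_resolver_cmp(). */`. Separately, the comment in include/linux/key-type.h says `->match_free` should be supplied when `->match_preparse` is, and none is visible for this type. Since nothing is allocated here, a short remark that no `match_free` is needed would keep the two consistent.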
@@ -243,7 +252,7 @@ struct key_type key_type_dns_resolver = {
        .preparse       = dns_resolver_preparse,
        .free_preparse  = dns_resolver_free_preparse,
        .instantiate    = generic_key_instantiate,
-       .match          = dns_resolver_match,
+       .match_preparse = dns_resolver_match_preparse,
        .revoke         = user_revoke,
        .destroy        = user_destroy,
        .describe       = dns_resolver_describe,
index 3907add75932d9eafb6fd6de8da225171eb5dae5..10c6cb694b4343913498a95a2f982ac11d4a1828 100644 (file)
@@ -44,7 +44,6 @@ struct key_type key_type_rxrpc = {
        .preparse       = rxrpc_preparse,
        .free_preparse  = rxrpc_free_preparse,
        .instantiate    = generic_key_instantiate,
-       .match          = user_match,
        .destroy        = rxrpc_destroy,
        .describe       = rxrpc_describe,
        .read           = rxrpc_read,
@@ -61,7 +60,6 @@ struct key_type key_type_rxrpc_s = {
        .preparse       = rxrpc_preparse_s,
        .free_preparse  = rxrpc_free_preparse_s,
        .instantiate    = generic_key_instantiate,
-       .match          = user_match,
        .destroy        = rxrpc_destroy_s,
        .describe       = rxrpc_describe,
 };
index 4045c13a761a9f43ff8b46722e67968259c2f957..b6adb94f6d52573aecf2e38a16724e06895dded6 100644 (file)
@@ -36,7 +36,6 @@ struct key_type key_type_big_key = {
        .preparse               = big_key_preparse,
        .free_preparse          = big_key_free_preparse,
        .instantiate            = generic_key_instantiate,
-       .match                  = user_match,
        .revoke                 = big_key_revoke,
        .destroy                = big_key_destroy,
        .describe               = big_key_describe,
index 5fe443d120afe81826902cc70efecff24ccee1bb..db9675db10262021612016bed79ade14a960d089 100644 (file)
@@ -970,7 +970,6 @@ struct key_type key_type_encrypted = {
        .name = "encrypted",
        .instantiate = encrypted_instantiate,
        .update = encrypted_update,
-       .match = user_match,
        .destroy = encrypted_destroy,
        .describe = user_describe,
        .read = encrypted_read,
index b47cc532be1e3b87f09f81d24b818ce4e8802753..e66a16cb63e1ca223e71d7b3b66ca5c0f19180ea 100644 (file)
@@ -127,6 +127,8 @@ struct keyring_search_context {
        struct timespec         now;
 };
 
+extern int key_default_cmp(const struct key *key,
+                          const struct key_match_data *match_data);
 extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
                                    struct keyring_search_context *ctx);
 
index b90a68c4e2c4277035b21f873af64efcd95bf782..8c0092ca04430b65b6a0969b5ed3e090038ed2b2 100644 (file)
@@ -799,7 +799,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
        }
 
        key_ref = ERR_PTR(-EINVAL);
-       if (!index_key.type->match || !index_key.type->instantiate ||
+       if (!index_key.type->instantiate ||
            (!index_key.description && !index_key.type->preparse))
                goto error_put_type;
 
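Review bot: Dropping `!index_key.type->match` from this validation removes what was in effect a gate: a key type that supplies `->instantiate` but no `->match` used to get -EINVAL here and now passes. The same holds in the `keyring_search()` hunks in security/keys/keyring.c, where the `-ENOKEY` return for a NULL comparator is removed and every type starts out searchable by exact description through `key_default_cmp`. Whether any in-tree type relied on a NULL `->match` to stay uncreatable or unsearchable cannot be told from these hunks. It is worth confirming that such types are still refused elsewhere and recording that in a comment, e.g. `/* Types that must not be created via this path are rejected by <other check>, not by a missing ->match. */`. `key_create_or_update()` starts and ends outside the hunk.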
index 10f0a5f2d3620ce775a529b6090cb61667360ec6..253c9a0eb092e2add086d5da72f0811e11007534 100644 (file)
@@ -89,7 +89,6 @@ struct key_type key_type_keyring = {
        .preparse       = keyring_preparse,
        .free_preparse  = keyring_free_preparse,
        .instantiate    = keyring_instantiate,
-       .match          = user_match,
        .revoke         = keyring_revoke,
        .destroy        = keyring_destroy,
        .describe       = keyring_describe,
@@ -511,6 +510,15 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
 }
 EXPORT_SYMBOL(keyring_alloc);
 
+/*
+ * By default, we keys found by getting an exact match on their descriptions.
+ */
+int key_default_cmp(const struct key *key,
+                   const struct key_match_data *match_data)
+{
+       return strcmp(key->description, match_data->raw_data) == 0;
+}
+
 /*
  * Iteration function to consider each key found.
  */
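Review bot: The comment added above `key_default_cmp()` is garbled ("we keys found by"), and since this function is now the comparator every search starts with, it should also state its precondition. I would write `/* Default comparator: a key matches when its description is exactly equal to the criterion string in match_data->raw_data, which must be a NUL-terminated string. */`. `strcmp()` is called on `raw_data` without a NULL check, so the callers that set `.match_data.raw_data = description` (the `keyring_search()`, `request_key_and_link()` and `key_get_instantiation_authkey()` hunks) rely on `description` being non-NULL. The removed `user_match()` made the same assumption, but it now applies to every key type that does not override `cmp`.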
@@ -884,7 +892,7 @@ key_ref_t keyring_search(key_ref_t keyring,
                .index_key.type         = type,
                .index_key.description  = description,
                .cred                   = current_cred(),
-               .match_data.cmp         = type->match,
+               .match_data.cmp         = key_default_cmp,
                .match_data.raw_data    = description,
                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
                .flags                  = KEYRING_SEARCH_DO_STATE_CHECK,
@@ -892,9 +900,6 @@ key_ref_t keyring_search(key_ref_t keyring,
        key_ref_t key;
        int ret;
 
-       if (!ctx.match_data.cmp)
-               return ERR_PTR(-ENOKEY);
-
        if (type->match_preparse) {
                ret = type->match_preparse(&ctx.match_data);
                if (ret < 0)
index 408523e5e2e2eef5ccb421ed33d4986d15dcad84..dc6ed32b7844cfabce17e4fe0e5e309555524b8b 100644 (file)
@@ -531,7 +531,7 @@ struct key *request_key_and_link(struct key_type *type,
                .index_key.type         = type,
                .index_key.description  = description,
                .cred                   = current_cred(),
-               .match_data.cmp         = type->match,
+               .match_data.cmp         = key_default_cmp,
                .match_data.raw_data    = description,
                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
        };
index 9ae02819cc064f3c68ef505b4a2ca75c7b762264..6639e2cb885322c6a43924496b2a68be25b9a5e6 100644 (file)
@@ -246,7 +246,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
                .index_key.type         = &key_type_request_key_auth,
                .index_key.description  = description,
                .cred                   = current_cred(),
-               .match_data.cmp         = user_match,
+               .match_data.cmp         = key_default_cmp,
                .match_data.raw_data    = description,
                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
        };
index 6b804aa4529a171bfab534307903b142c23cf891..c0594cb07adab14f1efeb970a8c0dd85d86a7931 100644 (file)
@@ -1096,7 +1096,6 @@ struct key_type key_type_trusted = {
        .name = "trusted",
        .instantiate = trusted_instantiate,
        .update = trusted_update,
-       .match = user_match,
        .destroy = trusted_destroy,
        .describe = user_describe,
        .read = trusted_read,
index cd7e726e8646a79c8a016cdd9d8b4b0b81b0f59f..36b47bbd3d8cc277de55e0c0cdd722618ca13231 100644 (file)
@@ -30,7 +30,6 @@ struct key_type key_type_user = {
        .free_preparse          = user_free_preparse,
        .instantiate            = generic_key_instantiate,
        .update                 = user_update,
-       .match                  = user_match,
        .revoke                 = user_revoke,
        .destroy                = user_destroy,
        .describe               = user_describe,
@@ -51,7 +50,6 @@ struct key_type key_type_logon = {
        .free_preparse          = user_free_preparse,
        .instantiate            = generic_key_instantiate,
        .update                 = user_update,
-       .match                  = user_match,
        .revoke                 = user_revoke,
        .destroy                = user_destroy,
        .describe               = user_describe,
@@ -136,16 +134,6 @@ error:
 
 EXPORT_SYMBOL_GPL(user_update);
 
-/*
- * match users on their name
- */
-int user_match(const struct key *key, const struct key_match_data *match_data)
-{
-       return strcmp(key->description, match_data->raw_data) == 0;
-}
-
-EXPORT_SYMBOL_GPL(user_match);
-
 /*
  * dispose of the links from a revoked keyring
  * - called with the key sem write-locked