mirror of https://gitee.com/openkylin/linux.git
KEYS: Allow expiry time to be set when preparsing a key
Allow a key type's preparsing routine to set the expiry time for a key. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Acked-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Sage Weil <sage@redhat.com>
parent
fc7c70e0b6
commit
7dfa0ca6a9
|
@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory:
|
||||||
const void *data;
|
const void *data;
|
||||||
size_t datalen;
|
size_t datalen;
|
||||||
size_t quotalen;
|
size_t quotalen;
|
||||||
|
time_t expiry;
|
||||||
};
|
};
|
||||||
|
|
||||||
Before calling the method, the caller will fill in data and datalen with
|
Before calling the method, the caller will fill in data and datalen with
|
||||||
the payload blob parameters; quotalen will be filled in with the default
|
the payload blob parameters; quotalen will be filled in with the default
|
||||||
quota size from the key type and the rest will be cleared.
|
quota size from the key type; expiry will be set to TIME_T_MAX and the
|
||||||
|
rest will be cleared.
|
||||||
|
|
||||||
If a description can be proposed from the payload contents, that should be
|
If a description can be proposed from the payload contents, that should be
|
||||||
attached as a string to the description field. This will be used for the
|
attached as a string to the description field. This will be used for the
|
||||||
key description if the caller of add_key() passes NULL or "".
|
key description if the caller of add_key() passes NULL or "".
|
||||||
|
|
||||||
The method can attach anything it likes to type_data[] and payload. These
|
The method can attach anything it likes to type_data[] and payload. These
|
||||||
are merely passed along to the instantiate() or update() operations.
|
are merely passed along to the instantiate() or update() operations. If
|
||||||
|
set, the expiry time will be applied to the key if it is instantiated from
|
||||||
|
this data.
|
||||||
|
|
||||||
The method should return 0 if success ful or a negative error code
|
The method should return 0 if successful or a negative error code
|
||||||
otherwise.
|
otherwise.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -45,6 +45,7 @@ struct key_preparsed_payload {
|
||||||
const void *data; /* Raw data */
|
const void *data; /* Raw data */
|
||||||
size_t datalen; /* Raw datalen */
|
size_t datalen; /* Raw datalen */
|
||||||
size_t quotalen; /* Quota length for proposed payload */
|
size_t quotalen; /* Quota length for proposed payload */
|
||||||
|
time_t expiry; /* Expiry time of key */
|
||||||
bool trusted; /* True if key is trusted */
|
bool trusted; /* True if key is trusted */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -437,6 +437,11 @@ static int __key_instantiate_and_link(struct key *key,
|
||||||
/* disable the authorisation key */
|
/* disable the authorisation key */
|
||||||
if (authkey)
|
if (authkey)
|
||||||
key_revoke(authkey);
|
key_revoke(authkey);
|
||||||
|
|
||||||
|
if (prep->expiry != TIME_T_MAX) {
|
||||||
|
key->expiry = prep->expiry;
|
||||||
|
key_schedule_gc(prep->expiry + key_gc_delay);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -479,6 +484,7 @@ int key_instantiate_and_link(struct key *key,
|
||||||
prep.data = data;
|
prep.data = data;
|
||||||
prep.datalen = datalen;
|
prep.datalen = datalen;
|
||||||
prep.quotalen = key->type->def_datalen;
|
prep.quotalen = key->type->def_datalen;
|
||||||
|
prep.expiry = TIME_T_MAX;
|
||||||
if (key->type->preparse) {
|
if (key->type->preparse) {
|
||||||
ret = key->type->preparse(&prep);
|
ret = key->type->preparse(&prep);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
|
@ -811,6 +817,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
|
||||||
prep.datalen = plen;
|
prep.datalen = plen;
|
||||||
prep.quotalen = index_key.type->def_datalen;
|
prep.quotalen = index_key.type->def_datalen;
|
||||||
prep.trusted = flags & KEY_ALLOC_TRUSTED;
|
prep.trusted = flags & KEY_ALLOC_TRUSTED;
|
||||||
|
prep.expiry = TIME_T_MAX;
|
||||||
if (index_key.type->preparse) {
|
if (index_key.type->preparse) {
|
||||||
ret = index_key.type->preparse(&prep);
|
ret = index_key.type->preparse(&prep);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
|
@ -941,6 +948,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
|
||||||
prep.data = payload;
|
prep.data = payload;
|
||||||
prep.datalen = plen;
|
prep.datalen = plen;
|
||||||
prep.quotalen = key->type->def_datalen;
|
prep.quotalen = key->type->def_datalen;
|
||||||
|
prep.expiry = TIME_T_MAX;
|
||||||
if (key->type->preparse) {
|
if (key->type->preparse) {
|
||||||
ret = key->type->preparse(&prep);
|
ret = key->type->preparse(&prep);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
|
|
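Review bot: In `__key_instantiate_and_link()`, `key_schedule_gc(prep->expiry + key_gc_delay)` excludes only the exact sentinel `TIME_T_MAX`, so an expiry just below it would overflow the addition (undefined behaviour if `time_t` is signed, as it presumably is here). The value comes from the key type's preparse routine, and if a preparser derives it from payload contents it may be influenced by whoever supplies the payload. I would saturate the GC time instead, e.g. `gc_at = prep->expiry > TIME_T_MAX - (time_t)key_gc_delay ? TIME_T_MAX : prep->expiry + key_gc_delay;`, or document the range a preparser may set. Separately, `key_create_or_update()` and `key_update()` initialise `prep.expiry`, but the visible hunks apply it only on instantiation, so an update whose payload carries a shorter expiry appears to leave the key's existing expiry in place. A comment such as `/* prep.expiry is only honoured when a key is instantiated */` at those sites would make that explicit. All four function bodies continue outside the hunks, so this is based on the visible lines only.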