KEYS: Allow expiry time to be set when preparsing a key

Allow a key type's preparsing routine to set the expiry time for a key.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
David Howells 2014-07-18 18:56:34 +01:00
parent fc7c70e0b6
commit 7dfa0ca6a9
3 changed files with 16 additions and 3 deletions


@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory:
const void *data; const void *data;
size_t datalen; size_t datalen;
size_t quotalen; size_t quotalen;
time_t expiry;
}; };
Before calling the method, the caller will fill in data and datalen with Before calling the method, the caller will fill in data and datalen with
the payload blob parameters; quotalen will be filled in with the default the payload blob parameters; quotalen will be filled in with the default
quota size from the key type and the rest will be cleared. quota size from the key type; expiry will be set to TIME_T_MAX and the
rest will be cleared.
If a description can be proposed from the payload contents, that should be If a description can be proposed from the payload contents, that should be
attached as a string to the description field. This will be used for the attached as a string to the description field. This will be used for the
key description if the caller of add_key() passes NULL or "". key description if the caller of add_key() passes NULL or "".
The method can attach anything it likes to type_data[] and payload. These The method can attach anything it likes to type_data[] and payload. These
are merely passed along to the instantiate() or update() operations. are merely passed along to the instantiate() or update() operations. If
set, the expiry time will be applied to the key if it is instantiated from
this data.
The method should return 0 if success ful or a negative error code The method should return 0 if successful or a negative error code
otherwise. otherwise.
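Review bot: the new documentation text says "If set, the expiry time will be applied" but never defines what "set" means; since the caller initialises expiry to TIME_T_MAX, state that any value other than TIME_T_MAX counts as set and that TIME_T_MAX itself is the "no expiry" sentinel. It would also help to say explicitly that the expiry is honoured only when a key is instantiated from this data and not on update(), so key-type authors do not expect an update to refresh it.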


@ -45,6 +45,7 @@ struct key_preparsed_payload {
const void *data; /* Raw data */ const void *data; /* Raw data */
size_t datalen; /* Raw datalen */ size_t datalen; /* Raw datalen */
size_t quotalen; /* Quota length for proposed payload */ size_t quotalen; /* Quota length for proposed payload */
time_t expiry; /* Expiry time of key */
bool trusted; /* True if key is trusted */ bool trusted; /* True if key is trusted */
}; };
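Review bot: the comment `/* Expiry time of key */` on the new field does not record the TIME_T_MAX "not set" convention that the documentation hunk relies on; suggest `/* Expiry time of key, or TIME_T_MAX if none */` so a reader of the header does not need the Documentation file to know the sentinel.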


@ -437,6 +437,11 @@ static int __key_instantiate_and_link(struct key *key,
/* disable the authorisation key */ /* disable the authorisation key */
if (authkey) if (authkey)
key_revoke(authkey); key_revoke(authkey);
if (prep->expiry != TIME_T_MAX) {
key->expiry = prep->expiry;
key_schedule_gc(prep->expiry + key_gc_delay);
}
} }
} }
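Review bot: `key_schedule_gc(prep->expiry + key_gc_delay)` can overflow for an expiry close to but below TIME_T_MAX, because the guard only excludes TIME_T_MAX itself; consider clamping the sum or rejecting expiry values that would wrap before scheduling GC. Note also that any non-sentinel value, including one already in the past, is accepted here, so a preparse routine that computes a stale expiry instantiates a key that is immediately eligible for collection; if that is intended, a short comment saying so would help.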
@ -479,6 +484,7 @@ int key_instantiate_and_link(struct key *key,
prep.data = data; prep.data = data;
prep.datalen = datalen; prep.datalen = datalen;
prep.quotalen = key->type->def_datalen; prep.quotalen = key->type->def_datalen;
prep.expiry = TIME_T_MAX;
if (key->type->preparse) { if (key->type->preparse) {
ret = key->type->preparse(&prep); ret = key->type->preparse(&prep);
if (ret < 0) if (ret < 0)
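Review bot: prep.expiry is now a sentinel that must be initialised at every site that builds a key_preparsed_payload, because __key_instantiate_and_link() treats any value other than TIME_T_MAX as a real expiry; a site that omits it would pass an uninitialised stack value through as the key's expiry time. Consider zero-initialising the struct in one place (for example `memset(&prep, 0, sizeof(prep));` followed by `prep.expiry = TIME_T_MAX;`) or a small init helper so the sentinel cannot be missed when a fourth caller is added.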
@ -811,6 +817,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
prep.datalen = plen; prep.datalen = plen;
prep.quotalen = index_key.type->def_datalen; prep.quotalen = index_key.type->def_datalen;
prep.trusted = flags & KEY_ALLOC_TRUSTED; prep.trusted = flags & KEY_ALLOC_TRUSTED;
prep.expiry = TIME_T_MAX;
if (index_key.type->preparse) { if (index_key.type->preparse) {
ret = index_key.type->preparse(&prep); ret = index_key.type->preparse(&prep);
if (ret < 0) { if (ret < 0) {
@ -941,6 +948,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
prep.data = payload; prep.data = payload;
prep.datalen = plen; prep.datalen = plen;
prep.quotalen = key->type->def_datalen; prep.quotalen = key->type->def_datalen;
prep.expiry = TIME_T_MAX;
if (key->type->preparse) { if (key->type->preparse) {
ret = key->type->preparse(&prep); ret = key->type->preparse(&prep);
if (ret < 0) if (ret < 0)
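Review bot: key_update() initialises prep.expiry here, but nothing in this patch applies a preparse-set expiry on the update path; the only place the value is honoured is __key_instantiate_and_link(). If update() is meant to be able to set or refresh the expiry time, the update path needs the same `key->expiry = prep.expiry;` and `key_schedule_gc()` handling; if not, the Documentation hunk should state that expiry is ignored on update so the initialisation here is not mistaken for support.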