mirror of https://gitee.com/openkylin/linux.git
ecryptfs: propagate key errors up at mount time
Mounting with invalid key signatures should probably fail, if they were specifically requested but not available. Also fix case checks in process_request_key_err() for the right sign of the errnos, as spotted by Jan Tluka. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Jan Tluka <jtluka@redhat.com> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
6c4c17b073
commit
982363c97f
|
@ -44,15 +44,15 @@ static int process_request_key_err(long err_code)
|
|||
int rc = 0;
|
||||
|
||||
switch (err_code) {
|
||||
case ENOKEY:
|
||||
case -ENOKEY:
|
||||
ecryptfs_printk(KERN_WARNING, "No key\n");
|
||||
rc = -ENOENT;
|
||||
break;
|
||||
case EKEYEXPIRED:
|
||||
case -EKEYEXPIRED:
|
||||
ecryptfs_printk(KERN_WARNING, "Key expired\n");
|
||||
rc = -ETIME;
|
||||
break;
|
||||
case EKEYREVOKED:
|
||||
case -EKEYREVOKED:
|
||||
ecryptfs_printk(KERN_WARNING, "Key revoked\n");
|
||||
rc = -EINVAL;
|
||||
break;
|
||||
|
@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
|
|||
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
|
||||
printk(KERN_ERR "Could not find key with description: [%s]\n",
|
||||
sig);
|
||||
process_request_key_err(PTR_ERR(*auth_tok_key));
|
||||
rc = -EINVAL;
|
||||
rc = process_request_key_err(PTR_ERR(*auth_tok_key));
|
||||
goto out;
|
||||
}
|
||||
(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
|
||||
|
|
|
@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_toks(
|
|||
"session keyring for sig specified in mount "
|
||||
"option: [%s]\n", global_auth_tok->sig);
|
||||
global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
|
||||
rc = 0;
|
||||
goto out;
|
||||
} else
|
||||
global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
|
||||
}
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
|
|||
printk(KERN_WARNING "One or more global auth toks could not "
|
||||
"properly register; rc = [%d]\n", rc);
|
||||
}
|
||||
rc = 0;
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue