author | Miloslav Trmač <mitr@redhat.com> | 2010-08-25 00:28:25 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-08-25 00:28:25 +0200 |
commit | d9c91873ac6dee10aeb7e165dee3aefc5f79bba8 (patch) | |
tree | 55cd455c5b6b8cc3a532a36bcd21b135425afda5 /ncr-key.c | |
parent | cc60983067194a6e7bdc12c7771aeaff6762a253 (diff) | |
parent | 1ba66cab0563708d551e3462c249f1da21695882 (diff) | |
Merge branch 'bugfixes' into nlattr
Conflicts:
cryptodev_main.c
examples/ncr.c
examples/pk.c
ncr-int.h
ncr-key-wrap.c
ncr-key.c
ncr.c
ncr.h
Diffstat (limited to 'ncr-key.c')
-rw-r--r-- | ncr-key.c | 50 |
1 files changed, 36 insertions, 14 deletions
@@ -287,13 +287,12 @@ fail:
 }
-void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
+int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
 {
- if (current_euid()==0) {
- item->flags = flags;
- } else {
- item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING));
- }
+ if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0)
+ return -EPERM;
+ item->flags = flags;
+ return 0;
 }
 int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data,
@@ -343,8 +342,13 @@ size_t tmp_size;
 }
 nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
 nla = tb[NCR_ATTR_KEY_ID];
 if (nla != NULL) {
@@ -431,8 +435,13 @@ size_t size;
 /* we generate only secret keys */
 nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
 algo = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]);
 if (algo == NULL) {
@@ -685,8 +694,16 @@ int ret;
 private->type = NCR_KEY_TYPE_PRIVATE;
 nla = tb[NCR_ATTR_KEY_FLAGS];
 if (nla != NULL) {
- ncr_key_assign_flags(private, nla_get_u32(nla));
- ncr_key_assign_flags(public, nla_get_u32(nla));
+ ret = ncr_key_assign_flags(private, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ ret = ncr_key_assign_flags(public, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
 }
 public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
@@ -747,8 +764,13 @@ struct key_item_st* newkey = NULL;
 ncr_key_clear(newkey);
 nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(newkey, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(newkey, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
 switch (key->type) {
 case NCR_KEY_TYPE_PUBLIC: |
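Review bot: In ncr_key_assign_flags the new test evaluates `capable(CAP_SYS_ADMIN)` before it looks at the flag, so the capability check runs for every caller that supplies flags, including ones that never ask for NCR_KEY_FLAG_WRAPPING. capable() is not a pure predicate: on success it marks the task as having used superuser privilege, and on failure an LSM may log a denial, so it should be reached only when the privileged bit is actually requested: `if ((flags & NCR_KEY_FLAG_WRAPPING) != 0 && !capable(CAP_SYS_ADMIN))`. The key-pair hunk at -685 calls the function twice with the same value, which doubles that effect. The function also has no comment; one line stating that it returns 0 or -EPERM, and that a wrapping request without CAP_SYS_ADMIN is now refused rather than silently stripped, would record the userspace-visible change.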
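Review bot: The u32 read from NCR_ATTR_KEY_FLAGS at this call site is stored in `item->flags` as-is once the WRAPPING check passes, so bits with no defined meaning are accepted from userspace and kept on the key. The same applies to the call sites in the hunks at -431, -685 and -747. Rejecting unknown bits inside ncr_key_assign_flags would close this in one place, for example `if (flags & ~NCR_KEY_FLAGS_KNOWN) return -EINVAL;`, where NCR_KEY_FLAGS_KNOWN is a placeholder for a mask of the flags that ncr.h defines (not visible on this page). The `fail` label these new error paths jump to lies outside the hunks, so whether `item` is released there cannot be confirmed from here.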