authorMiloslav Trmač <mitr@redhat.com>2010-08-25 00:28:25 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-08-25 00:28:25 +0200
commitd9c91873ac6dee10aeb7e165dee3aefc5f79bba8 (patch)
tree55cd455c5b6b8cc3a532a36bcd21b135425afda5 /ncr-key.c
parentcc60983067194a6e7bdc12c7771aeaff6762a253 (diff)
parent1ba66cab0563708d551e3462c249f1da21695882 (diff)
Merge branch 'bugfixes' into nlattr
Conflicts: cryptodev_main.c examples/ncr.c examples/pk.c ncr-int.h ncr-key-wrap.c ncr-key.c ncr.c ncr.h
Diffstat (limited to 'ncr-key.c')
-rw-r--r--ncr-key.c50
1 files changed, 36 insertions, 14 deletions
diff --git a/ncr-key.c b/ncr-key.c
index 6e68245..4942bc4 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -287,13 +287,12 @@ fail:
}
-void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
+int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
{
- if (current_euid()==0) {
- item->flags = flags;
- } else {
- item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING));
- }
+ if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0)
+ return -EPERM;
+ item->flags = flags;
+ return 0;
}
int ncr_key_import(struct ncr_lists *lst, const struct ncr_key_import *data,
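Review bot: `item->flags = flags;` stores every bit that userspace supplied, and only NCR_KEY_FLAG_WRAPPING is gated by the capability check. Bits that correspond to no defined flag are therefore kept on the key; rejecting anything outside the set of flags declared in the header with -EINVAL before the assignment would keep them out. The new return contract also deserves a comment above the function, for example `/* Returns 0, or -EPERM (item->flags left unchanged) if NCR_KEY_FLAG_WRAPPING is requested without CAP_SYS_ADMIN. */`.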
@@ -343,8 +342,13 @@ size_t tmp_size;
}
nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
nla = tb[NCR_ATTR_KEY_ID];
if (nla != NULL) {
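Review bot: The added `err(); goto fail;` path can be reached at will by any unprivileged caller that sets NCR_KEY_FLAG_WRAPPING in NCR_ATTR_KEY_FLAGS. If err() writes to the kernel log unconditionally (its definition is not part of this diff), such a caller can produce one log line per request; using a rate-limited message, or not logging the -EPERM case at all, would avoid that. The same pattern is added in the hunks at @@ -431, @@ -685 and @@ -747. The `fail` label and the rest of the enclosing function lie outside this hunk.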
@@ -431,8 +435,13 @@ size_t size;
/* we generate only secret keys */
nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(item, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
algo = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]);
if (algo == NULL) {
@@ -685,8 +694,16 @@ int ret;
private->type = NCR_KEY_TYPE_PRIVATE;
nla = tb[NCR_ATTR_KEY_FLAGS];
if (nla != NULL) {
- ncr_key_assign_flags(private, nla_get_u32(nla));
- ncr_key_assign_flags(public, nla_get_u32(nla));
+ ret = ncr_key_assign_flags(private, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ ret = ncr_key_assign_flags(public, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
}
public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
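Review bot: The flags attribute is decoded twice and the capability check runs twice for one request, with two identical error blocks. Reading the value once into a local and sharing one error block keeps the private and public keys provably on the same input and halves the added code. The enclosing function starts and ends outside the hunk.
```c
if (nla != NULL) {
	u32 flags = nla_get_u32(nla);

	ret = ncr_key_assign_flags(private, flags);
	if (ret == 0)
		ret = ncr_key_assign_flags(public, flags);
	if (ret < 0) {
		err();
		goto fail;
	}
}
/* … unchanged: public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE) … */
```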
@@ -747,8 +764,13 @@ struct key_item_st* newkey = NULL;
ncr_key_clear(newkey);
nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL)
- ncr_key_assign_flags(newkey, nla_get_u32(nla));
+ if (nla != NULL) {
+ ret = ncr_key_assign_flags(newkey, nla_get_u32(nla));
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ }
switch (key->type) {
case NCR_KEY_TYPE_PUBLIC:
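Review bot: `ncr_key_clear(newkey);` runs before the flag check, so a request rejected with -EPERM has already cleared the destination key, assuming ncr_key_clear() discards its previous contents. Because ncr_key_assign_flags() could not fail before this merge, this is a new way for an unprivileged request to end in an error after a destructive step. Reading `tb[NCR_ATTR_KEY_FLAGS]` and running the capability check ahead of the clear would leave newkey untouched on rejection. The hunks at @@ -343 and @@ -431 may have the same ordering, but any clear call there is outside the visible lines, as is the `fail` label here.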