Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / 9f6ed2ca257fa8650b876377833e6f14e272848b
commit9f6ed2ca257fa8650b876377833e6f14e272848b[log] [tgz]
authorJeff Layton <jlayton@redhat.com>Tue Jan 17 16:09:11 2012 -0500
committerSteve French <smfrench@gmail.com>Tue Jan 17 22:39:40 2012 -0600
tree8b664dced5415a6d463a56c2bc98756bd5ea5e44
parentce91acb3acae26f4163c5a6f1f695d1a1e8d9009 [diff]
keys: add a "logon" key type

For CIFS, we want to be able to store NTLM credentials (aka username
and password) in the keyring. We do not, however want to allow users
to fetch those keys back out of the keyring since that would be a
security risk.

Unfortunately, due to the nuances of key permission bits, it's not
possible to do this. We need to grant search permissions so the kernel
can find these keys, but that also implies permissions to read the
payload.

Resolve this by adding a new key_type. This key type is essentially
the same as key_type_user, but does not define a .read op. This
prevents the payload from ever being visible from userspace. This
key type also vets the description to ensure that it's "qualified"
by checking to ensure that it has a ':' in it that is preceded by
other characters.

Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
4 files changed
tree: 8b664dced5415a6d463a56c2bc98756bd5ea5e44
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS