summaryrefslogtreecommitdiffstats
path: root/net/rxrpc/security.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2020-09-16 09:19:12 +0200
committerDavid Howells <dhowells@redhat.com>2020-11-23 19:09:29 +0100
commit41057ebde0025b0179b852dd785c9f3f0f08adad (patch)
tree38c65bf6981af9039860c4e1d4cbf930a041550e /net/rxrpc/security.c
parentrxrpc: List the held token types in the key description in /proc/keys (diff)
downloadlinux-41057ebde0025b0179b852dd785c9f3f0f08adad.tar.xz
linux-41057ebde0025b0179b852dd785c9f3f0f08adad.zip
rxrpc: Support keys with multiple authentication tokens
rxrpc-type keys can have multiple tokens attached for different security classes. Currently, rxrpc always picks the first one, whether or not the security class it indicates is supported. Add preliminary support for choosing which security class will be used (this will need to be directed from a higher layer) and go through the tokens to find one that's supported. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'net/rxrpc/security.c')
-rw-r--r--net/rxrpc/security.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c
index 9b1fb9ed0717..0c5168f52bd6 100644
--- a/net/rxrpc/security.c
+++ b/net/rxrpc/security.c
@@ -81,16 +81,17 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
if (ret < 0)
return ret;
- token = key->payload.data[0];
- if (!token)
- return -EKEYREJECTED;
+ for (token = key->payload.data[0]; token; token = token->next) {
+ sec = rxrpc_security_lookup(token->security_index);
+ if (sec)
+ goto found;
+ }
+ return -EKEYREJECTED;
- sec = rxrpc_security_lookup(token->security_index);
- if (!sec)
- return -EKEYREJECTED;
+found:
conn->security = sec;
- ret = conn->security->init_connection_security(conn);
+ ret = conn->security->init_connection_security(conn, token);
if (ret < 0) {
conn->security = &rxrpc_no_security;
return ret;