summaryrefslogtreecommitdiffstats
path: root/security/keys/request_key_auth.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-09-24 11:35:13 +0200
committerDavid Howells <dhowells@redhat.com>2013-09-24 11:35:13 +0200
commit61ea0c0ba904a55f55317d850c1072ff7835ac92 (patch)
tree259f6872bc88d1cb4e94e405d5273c6dbc678175 /security/keys/request_key_auth.c
parentselinux: add Paul Moore as a SELinux maintainer (diff)
downloadlinux-61ea0c0ba904a55f55317d850c1072ff7835ac92.tar.xz
linux-61ea0c0ba904a55f55317d850c1072ff7835ac92.zip
KEYS: Skip key state checks when checking for possession
Skip key state checks (invalidation, revocation and expiration) when checking for possession. Without this, keys that have been marked invalid, revoked keys and expired keys are not given a possession attribute - which means the possessor is not granted any possession permits and cannot do anything with them unless they also have one a user, group or other permit. This causes failures in the keyutils test suite's revocation and expiration tests now that commit 96b5c8fea6c0861621051290d705ec2e971963f1 reduced the initial permissions granted to a key. The failures are due to accesses to revoked and expired keys being given EACCES instead of EKEYREVOKED or EKEYEXPIRED. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/request_key_auth.c')
-rw-r--r--security/keys/request_key_auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 85730d5a5a59..92077de555df 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -247,7 +247,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
&key_type_request_key_auth,
(void *) (unsigned long) target_id,
key_get_instantiation_authkey_match,
- cred);
+ false, cred);
if (IS_ERR(authkey_ref)) {
authkey = ERR_CAST(authkey_ref);