David Howells authored
Add a facility whereby if KEY_FLAG_TRUSTED_ONLY is set on the destination keyring, the creation of a link to a candidate key will cause the trustworthiness of that key to be evaluated against the already present contents of that keyring. This affects operations like add_key(), KEYCTL_LINK and KEYCTL_INSTANTIATE.

To this end:

 (1) A new key type method is provided:

	int (*verify_trust)(const union key_payload *payload,
			    struct key *keyring);

     This is implemented by key types for which verification of one key by another is appropriate. It is primarily intended for use with the asymmetric key type.

     When called, it is given the payload or prospective payload[*] of the candidate key to verify and a pointer to the destination keyring. The method is expected to search the keyring for an appropriate key with which to verify the candidate.

     [*] If called during add_key(), preparse is called before this method, but a key isn't actually allocated unless the verification is successful.

 (2) KEY_FLAG_TRUSTED is removed. A key is now trusted by virtue of being contained in the trusted-only keyring being searched.

 (3) KEY_ALLOC_TRUSTED now acts as an override. If this is passed to key_create_or_update() then the ->verify_trust() method will be ignored and the key will be added anyway.

Signed-off-by: David Howells <dhowells@redhat.com>
b3e2fd85
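
The link-time gate described in the commit message, as an added user-space model (not code from this commit or from the kernel). The flag values, struct layouts, the toy signer-id check standing in for signature verification, and the -EPERM result for a key type with no verify_trust method are all assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model only: simplified stand-ins, not the kernel's definitions. */
#define KEY_FLAG_TRUSTED_ONLY 0x1u   /* keyring flag, value constructed */
#define KEY_ALLOC_TRUSTED     0x1u   /* allocation flag, value constructed */
#define MAX_KEYS 8

struct payload { int id; int signer_id; };   /* toy "certificate" */
struct keyring { unsigned flags; size_t n; struct payload keys[MAX_KEYS]; };
struct key_type {
    int (*verify_trust)(const struct payload *payload, struct keyring *keyring);
};

/* Toy verifier: the candidate passes if the keyring already holds its signer. */
static int toy_verify_trust(const struct payload *p, struct keyring *kr)
{
    for (size_t i = 0; i < kr->n; i++)
        if (kr->keys[i].id == p->signer_id)
            return 0;
    return -ENOKEY;
}

/* Link gate. Assumption: a type without verify_trust is refused (-EPERM). */
static int link_candidate(const struct key_type *type, struct keyring *kr,
                          const struct payload *p, unsigned alloc_flags)
{
    if ((kr->flags & KEY_FLAG_TRUSTED_ONLY) &&
        !(alloc_flags & KEY_ALLOC_TRUSTED)) {
        int ret = type->verify_trust ? type->verify_trust(p, kr) : -EPERM;
        if (ret < 0)
            return ret;           /* candidate is never added on failure */
    }
    if (kr->n == MAX_KEYS)
        return -ENOSPC;
    kr->keys[kr->n++] = *p;       /* membership is what marks a key trusted */
    return 0;
}

int main(void)
{
    struct key_type t = { toy_verify_trust };
    struct keyring kr = { KEY_FLAG_TRUSTED_ONLY, 0, {{0, 0}} };
    struct payload root = {1, 1}, leaf = {2, 1}, stray = {3, 9};
    int ok = link_candidate(&t, &kr, &root, KEY_ALLOC_TRUSTED) == 0 /* override */
          && link_candidate(&t, &kr, &leaf, 0) == 0      /* vouched by root */
          && link_candidate(&t, &kr, &stray, 0) == -ENOKEY;
    return ok ? 0 : 1;
}
```

In this model an empty trusted-only keyring rejects even a self-signed root, so the first key has to arrive through the KEY_ALLOC_TRUSTED override.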