git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
eCryptfs: don't encrypt file key with filename key
[safe/jmp/linux-2.6] / fs / ecryptfs / keystore.c
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e6a96e8..e4a6223 100644 (file)
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -556,8 +556,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                goto out_unlock;
        }
        if (s->max_packet_size > (*remaining_bytes)) {
-               printk(KERN_WARNING "%s: Require [%d] bytes to write; only "
-                      "[%d] available\n", __func__, s->max_packet_size,
+               printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
+                      "[%zd] available\n", __func__, s->max_packet_size,
                       (*remaining_bytes));
                rc = -EINVAL;
                goto out_unlock;
@@ -594,7 +594,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                mount_crypt_stat->global_default_fn_cipher_key_bytes);
        if (s->cipher_code == 0) {
                printk(KERN_WARNING "%s: Unable to generate code for "
-                      "cipher [%s] with key bytes [%d]\n", __func__,
+                      "cipher [%s] with key bytes [%zd]\n", __func__,
                       mount_crypt_stat->global_default_fn_cipher_name,
                       mount_crypt_stat->global_default_fn_cipher_key_bytes);
                rc = -EINVAL;
@@ -693,7 +693,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert filename memory to scatterlist; "
                       "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%d]\n", __func__, rc,
+                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
                       s->block_aligned_filename_size);
                goto out_release_free_unlock;
        }
@@ -703,7 +703,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert encrypted filename memory to scatterlist; "
                       "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%d]\n", __func__, rc,
+                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
                       s->block_aligned_filename_size);
                goto out_release_free_unlock;
        }
@@ -771,6 +771,17 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
 /**
  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
  * @filename: This function kmalloc's the memory for the filename
+ * @filename_size: This function sets this to the amount of memory
+ *                 kmalloc'd for the filename
+ * @packet_size: This function sets this to the the number of octets
+ *               in the packet parsed
+ * @mount_crypt_stat: The mount-wide cryptographic context
+ * @data: The memory location containing the start of the tag 70
+ *        packet
+ * @max_packet_size: The maximum legal size of the packet to be parsed
+ *                   from @data
+ *
+ * Returns zero on success; non-zero otherwise
  */
 int
 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
@@ -787,7 +798,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        s = kmalloc(sizeof(*s), GFP_KERNEL);
        if (!s) {
                printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
-                      "[%d] bytes of kernel memory\n", __func__, sizeof(*s));
+                      "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
                goto out;
        }
        s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
@@ -825,8 +836,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                                          - ECRYPTFS_SIG_SIZE - 1);
        if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
            > max_packet_size) {
-               printk(KERN_WARNING "%s: max_packet_size is [%d]; real packet "
-                      "size is [%d]\n", __func__, max_packet_size,
+               printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
+                      "size is [%zd]\n", __func__, max_packet_size,
                       (1 + s->packet_size_len + 1
                        + s->block_aligned_filename_size));
                rc = -EINVAL;
@@ -860,7 +871,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert encrypted filename memory to scatterlist; "
                       "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%d]\n", __func__, rc,
+                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
                       s->block_aligned_filename_size);
                goto out_unlock;
        }
@@ -869,7 +880,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                                        GFP_KERNEL);
        if (!s->decrypted_filename) {
                printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                      "kmalloc [%d] bytes\n", __func__,
+                      "kmalloc [%zd] bytes\n", __func__,
                       s->block_aligned_filename_size);
                rc = -ENOMEM;
                goto out_unlock;
@@ -880,7 +891,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert decrypted filename memory to scatterlist; "
                       "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%d]\n", __func__, rc,
+                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
                       s->block_aligned_filename_size);
                goto out_free_unlock;
        }
@@ -944,7 +955,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
        if (!(*filename)) {
                printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                      "kmalloc [%d] bytes\n", __func__,
+                      "kmalloc [%zd] bytes\n", __func__,
                       ((*filename_size) + 1));
                rc = -ENOMEM;
                goto out_free_unlock;
@@ -2364,7 +2375,7 @@ struct kmem_cache *ecryptfs_global_auth_tok_cache;
 
 int
 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
-                            char *sig)
+                            char *sig, u32 global_auth_tok_flags)
 {
        struct ecryptfs_global_auth_tok *new_auth_tok;
        int rc = 0;
@@ -2378,6 +2389,7 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
                goto out;
        }
        memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
+       new_auth_tok->flags = global_auth_tok_flags;
        new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
        mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
        list_add(&new_auth_tok->mount_crypt_stat_list,
Full containers within linux kernel