From: David Howells Date: Sat, 25 Mar 2006 11:06:52 +0000 (-0800) Subject: [PATCH] Keys: Replace duplicate non-updateable keys rather than failing X-Git-Tag: v2.6.17-rc1~844 X-Git-Url: http://ftp.safe.ca/?p=safe%2Fjmp%2Flinux-2.6;a=commitdiff_plain;h=1d9b7d97d6661edb44ce08f17e47c66d4ac20e34 [PATCH] Keys: Replace duplicate non-updateable keys rather than failing Cause an attempt to add a duplicate non-updateable key (such as a keyring) to a keyring to discard the extant copy in favour of the new one rather than failing with EEXIST: # do the test in an empty session keyctl session # create a new keyring called "a" and attach to session keyctl newring a @s # create another new keyring called "a" and attach to session, # displacing the keyring added by the second command: keyctl newring a @s Without this patch, the third command will fail. For updateable keys (such as those of "user" type), the update method will still be called rather than a new key being created. Signed-off-by: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/security/keys/key.c b/security/keys/key.c index 6276971..a057e33 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_3; } - /* search for an existing key of the same type and description in the - * destination keyring + /* if it's possible to update this type of key, search for an existing + * key of the same type and description in the destination keyring and + * update that instead if possible */ - key_ref = __keyring_search_one(keyring_ref, ktype, description, 0); - if (!IS_ERR(key_ref)) - goto found_matching_key; + if (ktype->update) { + key_ref = __keyring_search_one(keyring_ref, ktype, description, + 0); + if (!IS_ERR(key_ref)) + goto found_matching_key; + } /* decide on the permissions we want */ perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;