Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 982363c9 authored by Eric Sandeen's avatar Eric Sandeen Committed by Linus Torvalds
Browse files

ecryptfs: propagate key errors up at mount time 



Mounting with invalid key signatures should probably fail, if they were
specifically requested but not available.

Also fix case checks in process_request_key_err() for the right sign of
the errnos, as spotted by Jan Tluka.

Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
Reviewed-by: default avatarJan Tluka <jtluka@redhat.com>
Acked-by: default avatarMichael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 6c4c17b0

fs/ecryptfs/keystore.c

+4 −5
Original line number Diff line number Diff line
@@ -44,15 +44,15 @@ static int process_request_key_err(long err_code) 
	int rc = 0;



	switch (err_code) {

	case ENOKEY:

	case -ENOKEY:

		ecryptfs_printk(KERN_WARNING, "No key\n");

		rc = -ENOENT;

		break;

	case EKEYEXPIRED:

	case -EKEYEXPIRED:

		ecryptfs_printk(KERN_WARNING, "Key expired\n");

		rc = -ETIME;

		break;

	case EKEYREVOKED:

	case -EKEYREVOKED:

		ecryptfs_printk(KERN_WARNING, "Key revoked\n");

		rc = -EINVAL;

		break;
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 
	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {

		printk(KERN_ERR "Could not find key with description: [%s]\n",

		       sig);

		process_request_key_err(PTR_ERR(*auth_tok_key));

		rc = -EINVAL;

		rc = process_request_key_err(PTR_ERR(*auth_tok_key));

		goto out;

	}

	(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);

fs/ecryptfs/main.c

+2 −2
Original line number Diff line number Diff line
@@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_toks( 
			       "session keyring for sig specified in mount "

			       "option: [%s]\n", global_auth_tok->sig);

			global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;

			rc = 0;

			goto out;

		} else

			global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;

	}

out:

	return rc;

}
@@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) 
		printk(KERN_WARNING "One or more global auth toks could not "

		       "properly register; rc = [%d]\n", rc);

	}

	rc = 0;

out:

	return rc;

}