diff options
author | Jeff Layton <jlayton@redhat.com> | 2012-01-17 16:09:11 -0500 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2012-01-17 22:39:40 -0600 |
commit | 9f6ed2ca257fa8650b876377833e6f14e272848b (patch) | |
tree | 8b664dced5415a6d463a56c2bc98756bd5ea5e44 /security/keys/key.c | |
parent | ce91acb3acae26f4163c5a6f1f695d1a1e8d9009 (diff) |
keys: add a "logon" key type
For CIFS, we want to be able to store NTLM credentials (aka username
and password) in the keyring. We do not, however want to allow users
to fetch those keys back out of the keyring since that would be a
security risk.
Unfortunately, due to the nuances of key permission bits, it's not
possible to do this. We need to grant search permissions so the kernel
can find these keys, but that also implies permissions to read the
payload.
Resolve this by adding a new key_type. This key type is essentially
the same as key_type_user, but does not define a .read op. This
prevents the payload from ever being visible from userspace. This
key type also vets the description to ensure that it's "qualified"
by checking to ensure that it has a ':' in it that is preceded by
other characters.
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 4f64c7267af..7ada8019be1 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -999,6 +999,7 @@ void __init key_init(void) list_add_tail(&key_type_keyring.link, &key_types_list); list_add_tail(&key_type_dead.link, &key_types_list); list_add_tail(&key_type_user.link, &key_types_list); + list_add_tail(&key_type_logon.link, &key_types_list); /* record the root user tracking */ rb_link_node(&root_key_user.node, |