[PATCH v3 12/15] cifscreds: make cifscreds use the "unreadable" keyring

...and have it loosen the permissions to allow searching. There seems
to be no clear way to make user keys unreadable, but still allow for
them to be searched, so we'll need a new key_type that doesn't allow
you to read the payload from userspace. That will be proposed in a
separate kernel patch.

Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
---
 cifscreds.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cifscreds.c b/cifscreds.c
index 6079b38..5c5b578 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -52,6 +52,9 @@
 
 /* destination keyring */
 #define DEST_KEYRING KEY_SPEC_SESSION_KEYRING
+#define CIFS_KEY_TYPE  "secret"
+#define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \
+			KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH)
 
 struct cmdarg {
 	char		*host;
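Review bot: CIFS_KEY_PERMS leaves out KEY_POS_READ and KEY_USR_READ and adds the two SEARCH bits, but nothing at the define says that this is deliberate. A one-line comment above the macro stating that read is withheld on purpose and that search is required would keep a later cleanup from "restoring" the read bits. The same comment could note that CIFS_KEY_TYPE "secret" relies on the key type the commit message says will be proposed in a separate kernel patch.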
@@ -223,7 +226,7 @@ key_add(const char *addr, const char *user, const char *pass, char keytype)
 	/* set payload contents */
 	len = sprintf(val, "%s:%s", user, pass);
 
-	return add_key("user", desc, val, len + 1, DEST_KEYRING);
+	return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
 }
 
 /* add command handler */
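Review bot: the add_key(CIFS_KEY_TYPE, ...) call in key_add now depends on the kernel providing the "secret" key type, which the commit message describes as not yet proposed, so on a kernel without it the call fails where the old "user" call succeeded. Suggest making that failure recognisable to the user, for example by including strerror(errno) in the caller's error output, rather than silently falling back to the readable "user" type. Also worth a look while this line is touched: the sprintf into val in the context line above is unbounded as far as this hunk shows, and snprintf with the buffer size would make the limit explicit.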
@@ -300,10 +303,7 @@ static int cifscreds_add(struct cmdarg *arg)
 			fprintf(stderr, "error: Add credential key for %s\n",
 				currentaddress);
 		} else {
-			if (keyctl(KEYCTL_SETPERM, key, KEY_POS_VIEW | \
-				KEY_POS_WRITE | KEY_USR_VIEW | \
-				KEY_USR_WRITE) < 0
-			) {
+			if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) {
 				fprintf(stderr, "error: Setting permissons "
 					"on key, attempt to delete...\n");
 
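Review bot: the fprintf context line directly under the rewritten keyctl condition still prints "Setting permissons"; since the statement is being touched anyway, correct it to "permissions" in this patch. On the logic: the key is created by add_key first and only restricted by this KEYCTL_SETPERM afterwards, so it carries whatever permissions the kernel assigned at creation until this call succeeds. The delete-on-failure path covers the error case, but a short comment here noting that ordering would help readers who assume the key is never more permissive than CIFS_KEY_PERMS.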
-- 
1.7.7.4
