The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx> --- fs/ecryptfs/ecryptfs_kernel.h | 11 +++++++++-- fs/ecryptfs/keystore.c | 15 +++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index a27cad4..068eade 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -29,6 +29,7 @@ #define ECRYPTFS_KERNEL_H #include <keys/user-type.h> +#include <keys/encrypted-type.h> #include <linux/fs.h> #include <linux/fs_stack.h> #include <linux/namei.h> @@ -81,8 +82,14 @@ struct ecryptfs_page_crypt_context { static inline struct ecryptfs_auth_tok * ecryptfs_get_key_payload_data(struct key *key) { - return (struct ecryptfs_auth_tok *) - (((struct user_key_payload*)key->payload.data)->data); +#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) + if (key->type == &key_type_encrypted) + return (struct ecryptfs_auth_tok *) + (&((struct encrypted_key_payload *)key->payload.data)->payload_data); + else +#endif + return (struct ecryptfs_auth_tok *) + (((struct user_key_payload *)key->payload.data)->data); } #define ECRYPTFS_SUPER_MAGIC 0xf15f diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 73811cf..8d72635 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1542,10 +1542,17 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, (*auth_tok_key) = request_key(&key_type_user, sig, NULL); if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { - printk(KERN_ERR "Could not find key with description: [%s]\n", - sig); - rc = process_request_key_err(PTR_ERR(*auth_tok_key)); - goto out; +#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) + (*auth_tok_key) = request_key(&key_type_encrypted, sig, NULL); + if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { +#endif + printk(KERN_ERR "Could not find key with description: [%s]\n", + sig); + rc = process_request_key_err(PTR_ERR(*auth_tok_key)); + goto out; +#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) + } +#endif } (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); if (ecryptfs_verify_version((*auth_tok)->version)) { -- 1.7.2.3
Attachment:
smime.p7s
Description: S/MIME cryptographic signature