From 23887f95c9d3ce52a03df451a47a9ca258bc0870 Mon Sep 17 00:00:00 2001
From: David Howells
Date: Mon, 7 Mar 2011 15:05:59 +0000
Subject: [PATCH] --- yaml --- r: 235096 b: refs/heads/master c: b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24 h: refs/heads/master v: v3
---
 [refs] | 2 +-
 trunk/Documentation/keys.txt | 7 +++++++
 trunk/include/linux/key-type.h | 3 +++
 trunk/net/rxrpc/ar-key.c | 19 +++++++++++++++++++
 trunk/security/keys/key.c | 8 ++++++++
 5 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/[refs] b/[refs]
index deaa34d7df91..43f3990c5e88 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 633e804e89464d3875e59de1959a53f9041d3094
+refs/heads/master: b9fffa3877a3ebbe0a5ad5a247358e2f7df15b24
diff --git a/trunk/Documentation/keys.txt b/trunk/Documentation/keys.txt
index e4dbbdb1bd96..cf68d1fed95d 100644
--- a/trunk/Documentation/keys.txt
+++ b/trunk/Documentation/keys.txt
@@ -1062,6 +1062,13 @@ The structure has a number of fields, some of which are mandatory:
 viable.
 
 
+ (*) int (*vet_description)(const char *description);
+
+ This optional method is called to vet a key description. If the key type
+ doesn't approve of the key description, it may return an error, otherwise
+ it should return 0.
+
+
 (*) int (*instantiate)(struct key *key, const void *data, size_t datalen);
 
 This method is called to attach a payload to a key during construction.
diff --git a/trunk/include/linux/key-type.h b/trunk/include/linux/key-type.h
index 65833d4d5998..fc8525e838b7 100644
--- a/trunk/include/linux/key-type.h
+++ b/trunk/include/linux/key-type.h
@@ -41,6 +41,9 @@ struct key_type {
 */
 size_t def_datalen;
 
+ /* vet a description */
+ int (*vet_description)(const char *description);
+
 /* instantiate a key of this type
 * - this method should call key_payload_reserve() to determine if the
 * user's quota will hold the payload
diff --git a/trunk/net/rxrpc/ar-key.c b/trunk/net/rxrpc/ar-key.c
index d763793d39de..43ea7de2fc8e 100644
--- a/trunk/net/rxrpc/ar-key.c
+++ b/trunk/net/rxrpc/ar-key.c
@@ -25,6 +25,7 @@
 #include
 #include "ar-internal.h"
 
+static int rxrpc_vet_description_s(const char *);
 static int rxrpc_instantiate(struct key *, const void *, size_t);
 static int rxrpc_instantiate_s(struct key *, const void *, size_t);
 static void rxrpc_destroy(struct key *);
@@ -52,12 +53,30 @@ EXPORT_SYMBOL(key_type_rxrpc);
 */
 struct key_type key_type_rxrpc_s = {
 .name = "rxrpc_s",
+ .vet_description = rxrpc_vet_description_s,
 .instantiate = rxrpc_instantiate_s,
 .match = user_match,
 .destroy = rxrpc_destroy_s,
 .describe = rxrpc_describe,
 };
 
+/*
+ * Vet the description for an RxRPC server key
+ */
+static int rxrpc_vet_description_s(const char *desc)
+{
+ unsigned long num;
+ char *p;
+
+ num = simple_strtoul(desc, &p, 10);
+ if (*p != ':' || num > 65535)
+ return -EINVAL;
+ num = simple_strtoul(p + 1, &p, 10);
+ if (*p || num < 1 || num > 255)
+ return -EINVAL;
+ return 0;
+}
+
 /*
 * parse an RxKAD type XDR format token
 * - the caller guarantees we have at least 4 words
diff --git a/trunk/security/keys/key.c b/trunk/security/keys/key.c
index 1c2d43dc5107..8e315ef2e88e 100644
--- a/trunk/security/keys/key.c
+++ b/trunk/security/keys/key.c
@@ -249,6 +249,14 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 if (!desc || !*desc)
 goto error;
 
+ if (type->vet_description) {
+ ret = type->vet_description(desc);
+ if (ret < 0) {
+ key = ERR_PTR(ret);
+ goto error;
+ }
+ }
+
 desclen = strlen(desc) + 1;
 quotalen = desclen + type->def_datalen;
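Review bot: In the second trunk/net/rxrpc/ar-key.c hunk, rxrpc_vet_description_s() accepts descriptions that are not in the canonical "<service>:<security index>" form, because neither simple_strtoul() call checks that any digits were consumed or how many. A description such as ":1" passes the first test with num == 0, leading zeros are accepted, and simple_strtoul() does not, as far as I know, report overflow, so a long digit string whose value wraps below 65536 would pass as well. Since the type still uses `user_match` (visible in the initialiser in the same hunk), such keys would presumably just never match a lookup, but a vetting hook should reject them outright. A tighter first test would be `if (p == desc || p - desc > 5 || *p != ':' || num > 65535)`, with the equivalent digit-count bound (at most 3) on the second field.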
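Review bot: In the key_alloc() hunk of trunk/security/keys/key.c the new call site carries no comment, and two properties of it are worth stating next to the code. The description is handed to the type's hook before `strlen(desc)` and the quota length are computed, and only a negative return rejects the key, so a hook that returns a positive value is treated as having accepted the description. I would add above the `if`: `/* let the key type veto the description; it must return 0 or a negative errno */`. key_alloc() starts and ends outside the hunk, so whether `desc` has already been length-limited by the caller is not visible here.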