[PATCH] Keys: Replace duplicate non-updateable keys rather than failing

Cause an attempt to add a duplicate non-updateable key (such as a keyring) to a keyring to discard the extant copy in favour of the new one rather than failing with EEXIST: # do the test in an empty session keyctl session # create a new keyring called "a" and attach to session keyctl newring a @s # create another new keyring called "a" and attach to session, # displacing the keyring added by the second command: keyctl newring a @s Without this patch, the third command will fail. For updateable keys (such as those of "user" type), the update method will still be called rather than a new key being created. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
mariux64 · Mar 25, 2006 · 1d9b7d9 · 1d9b7d9
1 parent 3dccff8
commit 1d9b7d9
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/security/keys/key.c b/security/keys/key.c
@@ -795,12 +795,16 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 		goto error_3;
 	}
 
-	/* search for an existing key of the same type and description in the
-	 * destination keyring
+	/* if it's possible to update this type of key, search for an existing
+	 * key of the same type and description in the destination keyring and
+	 * update that instead if possible
 	 */
-	key_ref = __keyring_search_one(keyring_ref, ktype, description, 0);
-	if (!IS_ERR(key_ref))
-		goto found_matching_key;
+	if (ktype->update) {
+		key_ref = __keyring_search_one(keyring_ref, ktype, description,
+					       0);
+		if (!IS_ERR(key_ref))
+			goto found_matching_key;
+	}
 
 	/* decide on the permissions we want */
 	perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;