authorJeff Layton <jlayton@samba.org>2012-01-17 16:35:50 -0500
committerJeff Layton <jlayton@samba.org>2012-01-17 16:35:50 -0500
commit32238d0e8e0994b0614d31f6922c7bfa56ac74bc (patch)
tree8a632b529d1c860846e85bb6b91258ba92767459
parent4fee11f2e35b08e4184c2f4615074ad0b187b84a (diff)
cifscreds: make cifscreds use the "logon" key_type
...and have it loosen the permissions to allow searching. There seems to be no clear way to make user keys unreadable, but still allow for them to be searched, so we'll need a new key_type that doesn't allow you to read the payload from userspace. That will be proposed in a separate kernel patch. Signed-off-by: Jeff Layton <jlayton@samba.org>
-rw-r--r--cifscreds.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/cifscreds.c b/cifscreds.c
index 6079b38..cc8df3f 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -52,6 +52,9 @@
/* destination keyring */
#define DEST_KEYRING KEY_SPEC_SESSION_KEYRING
+#define CIFS_KEY_TYPE "logon"
+#define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \
+ KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH)
struct cmdarg {
char *host;
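Review bot: `CIFS_KEY_PERMS` has no comment saying why READ is left out and SEARCH is granted, and the mask on its own does not keep the payload private. Per the commit message, confidentiality depends on the kernel's "logon" key type refusing reads from userspace. A comment above the two defines would record that dependency, e.g. `/* "logon" payloads cannot be read back from userspace; SEARCH is granted so the key can still be looked up, READ is deliberately omitted */`. `KEY_USR_WRITE` is carried over from the old mask, and it presumably lets any process running as the owning UID replace the stored credential, so it is worth confirming that is intended. On a kernel without the "logon" type the `add_key()` call in `key_add` will presumably fail, so that requirement belongs in the comment too.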
@@ -223,7 +226,7 @@ key_add(const char *addr, const char *user, const char *pass, char keytype)
/* set payload contents */
len = sprintf(val, "%s:%s", user, pass);
- return add_key("user", desc, val, len + 1, DEST_KEYRING);
+ return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
}
/* add command handler */
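Review bot: The plaintext `user:pass` string stays in `val` after `add_key()` returns, which undercuts the point of moving to a key type whose payload userspace cannot read. Store the `add_key()` result in a local, wipe the buffer with `memset(val, 0, sizeof(val));` (or a wipe the compiler cannot drop, such as `explicit_bzero`, where available), and then return the stored result. Separately, the `sprintf(val, "%s:%s", user, pass)` context line is unbounded. The declaration of `val` and any length checks on `user` and `pass` sit outside this hunk, so if they do not already guarantee the fit, `snprintf(val, sizeof(val), "%s:%s", user, pass)` with a truncation check would be safer.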
@@ -300,10 +303,7 @@ static int cifscreds_add(struct cmdarg *arg)
fprintf(stderr, "error: Add credential key for %s\n",
currentaddress);
} else {
- if (keyctl(KEYCTL_SETPERM, key, KEY_POS_VIEW | \
- KEY_POS_WRITE | KEY_USR_VIEW | \
- KEY_USR_WRITE) < 0
- ) {
+ if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) {
fprintf(stderr, "error: Setting permissons "
"on key, attempt to delete...\n");