KEYS: Skip key state checks when checking for possession
authorDavid Howells <dhowells@redhat.com>
Tue, 24 Sep 2013 09:35:13 +0000 (10:35 +0100)
committerDavid Howells <dhowells@redhat.com>
Tue, 24 Sep 2013 09:35:13 +0000 (10:35 +0100)
commit61ea0c0ba904a55f55317d850c1072ff7835ac92
tree259f6872bc88d1cb4e94e405d5273c6dbc678175
parent5a5f2acfd04269e2e0958067216b68ff461c285c
KEYS: Skip key state checks when checking for possession

Skip key state checks (invalidation, revocation and expiration) when checking
for possession.  Without this, keys that have been marked invalid, revoked
keys and expired keys are not given a possession attribute - which means the
possessor is not granted any possession permits and cannot do anything with
them unless they also have one a user, group or other permit.

This causes failures in the keyutils test suite's revocation and expiration
tests now that commit 96b5c8fea6c0861621051290d705ec2e971963f1 reduced the
initial permissions granted to a key.

The failures are due to accesses to revoked and expired keys being given
EACCES instead of EKEYREVOKED or EKEYEXPIRED.

Signed-off-by: David Howells <dhowells@redhat.com>
security/keys/internal.h
security/keys/process_keys.c
security/keys/request_key.c
security/keys/request_key_auth.c