KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key
authorDavid Howells <dhowells@redhat.com>
Fri, 11 Jun 2010 16:31:05 +0000 (17:31 +0100)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:34:27 +0000 (15:34 +1000)
commit9156235b3427d6f01c5c95022f72f381f07583f5
tree16df30be93847e73a3b188b98f9ef2e034d82a90
parent57c2590fb7fd38bd52708ff2716a577d0c2b3c5a
KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key

Authorise a process to perform keyctl_set_timeout() on an uninstantiated key if
that process has the authorisation key for it.

This allows the instantiator to set the timeout on a key it is instantiating -
provided it does it before instantiating the key.

For instance, the test upcall script provided with the keyutils package could
be modified to set the expiry to an hour hence before instantiating the key:

[/usr/share/keyutils/request-key-debug.sh]
 if [ "$3" != "neg" ]
 then
+    keyctl timeout $1 3600
     keyctl instantiate $1 "Debug $3" $4 || exit 1
 else

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/keys/keyctl.c