ecryptfs: propagate key errors up at mount time
authorEric Sandeen <sandeen@redhat.com>
Thu, 24 Jul 2008 04:30:04 +0000 (21:30 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 24 Jul 2008 17:47:31 +0000 (10:47 -0700)
Mounting with invalid key signatures should probably fail, if they were
specifically requested but not available.

Also fix case checks in process_request_key_err() for the right sign of
the errnos, as spotted by Jan Tluka.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Jan Tluka <jtluka@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/ecryptfs/keystore.c
fs/ecryptfs/main.c

index e82b457180be78706e4b829c4dec0ea15db82178..f5b76a331b9c743a3679ae69022f288c60b0f229 100644 (file)
@@ -44,15 +44,15 @@ static int process_request_key_err(long err_code)
        int rc = 0;
 
        switch (err_code) {
-       case ENOKEY:
+       case -ENOKEY:
                ecryptfs_printk(KERN_WARNING, "No key\n");
                rc = -ENOENT;
                break;
-       case EKEYEXPIRED:
+       case -EKEYEXPIRED:
                ecryptfs_printk(KERN_WARNING, "Key expired\n");
                rc = -ETIME;
                break;
-       case EKEYREVOKED:
+       case -EKEYREVOKED:
                ecryptfs_printk(KERN_WARNING, "Key revoked\n");
                rc = -EINVAL;
                break;
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
        if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
                printk(KERN_ERR "Could not find key with description: [%s]\n",
                       sig);
-               process_request_key_err(PTR_ERR(*auth_tok_key));
-               rc = -EINVAL;
+               rc = process_request_key_err(PTR_ERR(*auth_tok_key));
                goto out;
        }
        (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
index f36ab2feea280fb4389ebee7646fa5ff74879726..8876fe7c76e28e2be30f87d5f478ff0de885785e 100644 (file)
@@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_toks(
                               "session keyring for sig specified in mount "
                               "option: [%s]\n", global_auth_tok->sig);
                        global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
-                       rc = 0;
+                       goto out;
                } else
                        global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
        }
+out:
        return rc;
 }
 
@@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
                printk(KERN_WARNING "One or more global auth toks could not "
                       "properly register; rc = [%d]\n", rc);
        }
-       rc = 0;
 out:
        return rc;
 }