• David Howells's avatar
    KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags · 054f6180
    David Howells authored
    Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags to be two variations of the
    same flag.  They are effectively mutually exclusive and one or the other
    should be provided, but not both.
    
    Keyring cycle detection and key possession determination are the only things
    that set NO_STATE_CHECK, except that neither flag really does anything there
    because neither purpose makes use of the keyring_search_iterator() function,
    but rather provides their own.
    
    For cycle detection we definitely want to check inside of expired keyrings,
    just so that we don't create a cycle we can't get rid of.  Revoked keyrings
    are cleared at revocation time and can't then be reused, so shouldn't be a
    problem either way.
    
    For possession determination, we *might* want to validate each keyring before
    searching it: do you possess a key that's hidden behind an expired or just
    plain inaccessible keyring?  Currently, the answer is yes.  Note that you
    cannot, however, possess a key behind a revoked keyring because they are
    cleared on revocation.
    
    keyring_search() sets DO_STATE_CHECK, which is correct.
    
    request_key_and_link() currently doesn't specify whether to check the key
    state or not - but it should set DO_STATE_CHECK.
    
    key_get_instantiation_authkey() also currently doesn't specify whether to
    check the key state or not - but it probably should also set DO_STATE_CHECK.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Tested-by: default avatarChuck Lever <chuck.lever@oracle.com>
    054f6180
keyring.c 36.8 KB