keys: Invalidate used request_key authentication keys
Invalidate used request_key authentication keys rather than revoking them so that they get cleaned up immediately rather than potentially hanging around. There doesn't seem any need to keep the revoked keys around. Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
504b69eb3c
commit
a09003b5d7
|
@ -459,7 +459,7 @@ static int __key_instantiate_and_link(struct key *key,
|
||||||
|
|
||||||
/* disable the authorisation key */
|
/* disable the authorisation key */
|
||||||
if (authkey)
|
if (authkey)
|
||||||
key_revoke(authkey);
|
key_invalidate(authkey);
|
||||||
|
|
||||||
if (prep->expiry != TIME64_MAX) {
|
if (prep->expiry != TIME64_MAX) {
|
||||||
key->expiry = prep->expiry;
|
key->expiry = prep->expiry;
|
||||||
|
@ -616,7 +616,7 @@ int key_reject_and_link(struct key *key,
|
||||||
|
|
||||||
/* disable the authorisation key */
|
/* disable the authorisation key */
|
||||||
if (authkey)
|
if (authkey)
|
||||||
key_revoke(authkey);
|
key_invalidate(authkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
mutex_unlock(&key_construction_mutex);
|
mutex_unlock(&key_construction_mutex);
|
||||||
|
|
|
@ -222,7 +222,7 @@ static int construct_key(struct key *key, const void *callout_info,
|
||||||
/* check that the actor called complete_request_key() prior to
|
/* check that the actor called complete_request_key() prior to
|
||||||
* returning an error */
|
* returning an error */
|
||||||
WARN_ON(ret < 0 &&
|
WARN_ON(ret < 0 &&
|
||||||
!test_bit(KEY_FLAG_REVOKED, &authkey->flags));
|
!test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));
|
||||||
|
|
||||||
key_put(authkey);
|
key_put(authkey);
|
||||||
kleave(" = %d", ret);
|
kleave(" = %d", ret);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user