Loading Documentation/security/keys.txt +0 −2 Original line number Diff line number Diff line Loading @@ -323,8 +323,6 @@ about the status of the key service: U Under construction by callback to userspace N Negative key This file must be enabled at kernel configuration time as it allows anyone to list the keys database. (*) /proc/key-users Loading kernel/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -142,7 +142,7 @@ endif kernel/system_certificates.o: $(obj)/x509_certificate_list quiet_cmd_x509certs = CERTS $@ cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)") cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)") targets += $(obj)/x509_certificate_list $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list Loading scripts/asn1_compiler.c +19 −11 Original line number Diff line number Diff line Loading @@ -311,6 +311,9 @@ struct token { static struct token *token_list; static unsigned nr_tokens; static _Bool verbose; #define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0) static int directive_compare(const void *_key, const void *_pdir) { Loading @@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir) dlen = strlen(dir); clen = (dlen < token->size) ? dlen : token->size; //printf("cmp(%*.*s,%s) = ", //debug("cmp(%*.*s,%s) = ", // (int)token->size, (int)token->size, token->value, // dir); val = memcmp(token->value, dir, clen); if (val != 0) { //printf("%d [cmp]\n", val); //debug("%d [cmp]\n", val); return val; } if (dlen == token->size) { //printf("0\n"); //debug("0\n"); return 0; } //printf("%d\n", (int)dlen - (int)token->size); //debug("%d\n", (int)dlen - (int)token->size); return dlen - token->size; /* shorter -> negative */ } Loading Loading 
@@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end) } nr_tokens = tix; printf("Extracted %u tokens\n", nr_tokens); debug("Extracted %u tokens\n", nr_tokens); #if 0 { int n; for (n = 0; n < nr_tokens; n++) printf("Token %3u: '%*.*s'\n", debug("Token %3u: '%*.*s'\n", n, (int)token_list[n].size, (int)token_list[n].size, token_list[n].value); Loading @@ -542,6 +545,7 @@ int main(int argc, char **argv) ssize_t readlen; FILE *out, *hdr; char *buffer, *p; char *kbuild_verbose; int fd; if (argc != 4) { Loading @@ -550,6 +554,10 @@ int main(int argc, char **argv) exit(2); } kbuild_verbose = getenv("KBUILD_VERBOSE"); if (kbuild_verbose) verbose = atoi(kbuild_verbose); filename = argv[1]; outputname = argv[2]; headername = argv[3]; Loading Loading @@ -748,11 +756,11 @@ static void build_type_list(void) qsort(type_index, nr, sizeof(type_index[0]), type_index_compare); printf("Extracted %u types\n", nr_types); debug("Extracted %u types\n", nr_types); #if 0 for (n = 0; n < nr_types; n++) { struct type *type = type_index[n]; printf("- %*.*s\n", debug("- %*.*s\n", (int)type->name->size, (int)type->name->size, type->name->value); Loading Loading @@ -793,7 +801,7 @@ static void parse(void) } while (type++, !(type->flags & TYPE_STOP_MARKER)); printf("Extracted %u actions\n", nr_actions); debug("Extracted %u actions\n", nr_actions); } static struct element *element_list; Loading Loading @@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr) } /* We do two passes - the first one calculates all the offsets */ printf("Pass 1\n"); debug("Pass 1\n"); nr_entries = 0; root = &type_list[0]; render_element(NULL, root->element, NULL); Loading 
@@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr) e->flags &= ~ELEMENT_RENDERED; /* And then we actually render */ printf("Pass 2\n"); debug("Pass 2\n"); fprintf(out, "\n"); fprintf(out, "static const unsigned char %s_machine[] = {\n", grammar_name); Loading security/keys/Kconfig +0 −18 Original line number Diff line number Diff line Loading @@ -80,21 +80,3 @@ config ENCRYPTED_KEYS Userspace only ever sees/stores encrypted blobs. If you are unsure as to whether this is required, answer N. config KEYS_DEBUG_PROC_KEYS bool "Enable the /proc/keys file by which keys may be viewed" depends on KEYS help This option turns on support for the /proc/keys file - through which can be listed all the keys on the system that are viewable by the reading process. The only keys included in the list are those that grant View permission to the reading process whether or not it possesses them. Note that LSM security checks are still performed, and may further filter out keys that the current process is not authorised to view. Only key attributes are listed here; key payloads are not included in the resulting table. If you are unsure as to whether this is required, answer N. security/keys/proc.c +0 −8 Original line number Diff line number Diff line Loading @@ -18,7 +18,6 @@ #include <asm/errno.h> #include "internal.h" #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS static int proc_keys_open(struct inode *inode, struct file *file); static void *proc_keys_start(struct seq_file *p, loff_t *_pos); static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); Loading @@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = { .llseek = seq_lseek, .release = seq_release, }; #endif static int proc_key_users_open(struct inode *inode, struct file *file); static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); Loading Loading 
@@ -67,11 +65,9 @@ static int __init key_proc_init(void) { struct proc_dir_entry *p; #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS p = proc_create("keys", 0, NULL, &proc_keys_fops); if (!p) panic("Cannot create /proc/keys\n"); #endif p = proc_create("key-users", 0, NULL, &proc_key_users_fops); if (!p) Loading @@ -86,8 +82,6 @@ __initcall(key_proc_init); * Implement "/proc/keys" to provide a list of the keys on the system that * grant View permission to the caller. */ #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) { struct user_namespace *user_ns = seq_user_ns(p); Loading Loading @@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v) return 0; } #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */ static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) { while (n) { Loading Loading
Documentation/security/keys.txt +0 −2 Original line number Diff line number Diff line Loading @@ -323,8 +323,6 @@ about the status of the key service: U Under construction by callback to userspace N Negative key This file must be enabled at kernel configuration time as it allows anyone to list the keys database. (*) /proc/key-users Loading
kernel/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -142,7 +142,7 @@ endif kernel/system_certificates.o: $(obj)/x509_certificate_list quiet_cmd_x509certs = CERTS $@ cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)") cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)") targets += $(obj)/x509_certificate_list $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list Loading
scripts/asn1_compiler.c +19 −11 Original line number Diff line number Diff line Loading @@ -311,6 +311,9 @@ struct token { static struct token *token_list; static unsigned nr_tokens; static _Bool verbose; #define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0) static int directive_compare(const void *_key, const void *_pdir) { Loading @@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir) dlen = strlen(dir); clen = (dlen < token->size) ? dlen : token->size; //printf("cmp(%*.*s,%s) = ", //debug("cmp(%*.*s,%s) = ", // (int)token->size, (int)token->size, token->value, // dir); val = memcmp(token->value, dir, clen); if (val != 0) { //printf("%d [cmp]\n", val); //debug("%d [cmp]\n", val); return val; } if (dlen == token->size) { //printf("0\n"); //debug("0\n"); return 0; } //printf("%d\n", (int)dlen - (int)token->size); //debug("%d\n", (int)dlen - (int)token->size); return dlen - token->size; /* shorter -> negative */ } Loading Loading @@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end) } nr_tokens = tix; printf("Extracted %u tokens\n", nr_tokens); debug("Extracted %u tokens\n", nr_tokens); #if 0 { int n; for (n = 0; n < nr_tokens; n++) printf("Token %3u: '%*.*s'\n", debug("Token %3u: '%*.*s'\n", n, (int)token_list[n].size, (int)token_list[n].size, token_list[n].value); Loading @@ -542,6 +545,7 @@ int main(int argc, char **argv) ssize_t readlen; FILE *out, *hdr; char *buffer, *p; char *kbuild_verbose; int fd; if (argc != 4) { Loading @@ -550,6 +554,10 @@ int main(int argc, char **argv) exit(2); } kbuild_verbose = getenv("KBUILD_VERBOSE"); if (kbuild_verbose) verbose = atoi(kbuild_verbose); filename = argv[1]; outputname = argv[2]; headername = argv[3]; Loading Loading 
@@ -748,11 +756,11 @@ static void build_type_list(void) qsort(type_index, nr, sizeof(type_index[0]), type_index_compare); printf("Extracted %u types\n", nr_types); debug("Extracted %u types\n", nr_types); #if 0 for (n = 0; n < nr_types; n++) { struct type *type = type_index[n]; printf("- %*.*s\n", debug("- %*.*s\n", (int)type->name->size, (int)type->name->size, type->name->value); Loading Loading @@ -793,7 +801,7 @@ static void parse(void) } while (type++, !(type->flags & TYPE_STOP_MARKER)); printf("Extracted %u actions\n", nr_actions); debug("Extracted %u actions\n", nr_actions); } static struct element *element_list; Loading Loading @@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr) } /* We do two passes - the first one calculates all the offsets */ printf("Pass 1\n"); debug("Pass 1\n"); nr_entries = 0; root = &type_list[0]; render_element(NULL, root->element, NULL); Loading @@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr) e->flags &= ~ELEMENT_RENDERED; /* And then we actually render */ printf("Pass 2\n"); debug("Pass 2\n"); fprintf(out, "\n"); fprintf(out, "static const unsigned char %s_machine[] = {\n", grammar_name); Loading
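Review bot: The new `verbose` flag and `debug()` macro at the top of the scripts/asn1_compiler.c section are undocumented, so a reader of directive_compare() or render() cannot tell from the call sites where the output goes or how it is switched on; a one-line comment such as `/* Diagnostic output to stdout; enabled when KBUILD_VERBOSE is non-zero in the environment (see main()) */` above the `#define debug` line would fix that. The `verbose = atoi(kbuild_verbose);` line in main() stores an int into a `_Bool`, which is fine for 0/1 but silently coerces any other value, and `atoi` gives no way to detect a non-numeric string; if values other than 0/1 can appear there, `strtol` with an end-pointer check would make the intended semantics explicit. The `//printf` to `//debug` edits in directive_compare() and the `printf` to `debug` edits inside the `#if 0` blocks of tokenise() and build_type_list() only touch commented-out or disabled code; now that output is gated on verbosity, those lines could either become live `debug()` calls or be removed rather than kept as dead text that must be maintained. main(), directive_compare() and render() all begin outside their hunks.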
security/keys/Kconfig +0 −18 Original line number Diff line number Diff line Loading @@ -80,21 +80,3 @@ config ENCRYPTED_KEYS Userspace only ever sees/stores encrypted blobs. If you are unsure as to whether this is required, answer N. config KEYS_DEBUG_PROC_KEYS bool "Enable the /proc/keys file by which keys may be viewed" depends on KEYS help This option turns on support for the /proc/keys file - through which can be listed all the keys on the system that are viewable by the reading process. The only keys included in the list are those that grant View permission to the reading process whether or not it possesses them. Note that LSM security checks are still performed, and may further filter out keys that the current process is not authorised to view. Only key attributes are listed here; key payloads are not included in the resulting table. If you are unsure as to whether this is required, answer N.
security/keys/proc.c +0 −8 Original line number Diff line number Diff line Loading @@ -18,7 +18,6 @@ #include <asm/errno.h> #include "internal.h" #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS static int proc_keys_open(struct inode *inode, struct file *file); static void *proc_keys_start(struct seq_file *p, loff_t *_pos); static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); Loading @@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = { .llseek = seq_lseek, .release = seq_release, }; #endif static int proc_key_users_open(struct inode *inode, struct file *file); static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); Loading Loading @@ -67,11 +65,9 @@ static int __init key_proc_init(void) { struct proc_dir_entry *p; #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS p = proc_create("keys", 0, NULL, &proc_keys_fops); if (!p) panic("Cannot create /proc/keys\n"); #endif p = proc_create("key-users", 0, NULL, &proc_key_users_fops); if (!p) Loading @@ -86,8 +82,6 @@ __initcall(key_proc_init); * Implement "/proc/keys" to provide a list of the keys on the system that * grant View permission to the caller. */ #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) { struct user_namespace *user_ns = seq_user_ns(p); Loading Loading @@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v) return 0; } #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */ static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) { while (n) { Loading