author | David Howells <dhowells@redhat.com> | 2010-02-22 15:46:17 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2010-02-22 16:12:29 +0000 |
commit | 557f01ce1fdd3cc78be3aa74f281160a581c2777 (patch) | |
tree | efa150193c5d049f6885d31d32169583b709e00e | |
parent | 53ad7681eedbe86ca729763ac2d75a90a451648a (diff) | |
keyutils historical version 1.0
- Add build dependency on glibc-kernheaders with key management syscall
- Add data pipe-in facility for keyctl request2
- Rename library and header file "keyutil" -> "keyutils" for consistency
- Fix shared library version naming to follow the same scheme as glibc.
- Add versioning for shared library symbols
- Create new keyutils-libs package and install library and main symlink there
- Install base library symlink in /usr/lib and place in devel package
- Added a keyutils archive library
- Shorten displayed key permissions list to just those we actually have
- Add data pipe-in facilities for keyctl add, update and instantiate
-rw-r--r-- | Makefile | 66 | ||||
-rw-r--r-- | keyctl.1 | 54 | ||||
-rw-r--r-- | keyctl.c | 328 | ||||
-rw-r--r-- | keyutils.c (renamed from keyutil.c) | 4 | ||||
-rw-r--r-- | keyutils.h (renamed from keyutil.h) | 8 | ||||
-rw-r--r-- | keyutils.spec | 56 | ||||
-rw-r--r-- | request-key.c | 20 | ||||
-rw-r--r-- | version.lds | 34 |
8 files changed, 449 insertions, 121 deletions
@@ -1,14 +1,19 @@ -CFLAGS := -g -Wall -O2 +CFLAGS := -g -O2 -Wall INSTALL := install DESTDIR := -MAJOR := 0 -MINOR := 3 +MAJOR := 1 +MINOR := 0 RELEASE := VERSION := $(MAJOR).$(MINOR)$(RELEASE) NO_GLIBC_KEYERR := 0 NO_GLIBC_KEYSYS := 0 BUILDFOR := LIBDIR := /lib +USRLIBDIR := /usr/lib +ARLIB := libkeyutils.a +DEVELLIB := libkeyutils.so +SONAME := libkeyutils.so.$(MAJOR) +LIBNAME := libkeyutils-$(VERSION).so LNS := ln -sf 
@@ -24,39 +29,55 @@ CFLAGS += -DNO_GLIBC_KEYSYS endif ifeq ($(BUILDFOR),32-bit) -CFLAGS += -m32 -LIBDIR := /lib +CFLAGS += -m32 +LIBDIR := /lib +USRLIBDIR := /usr/lib else ifeq ($(BUILDFOR),64-bit) -CFLAGS += -m64 -LIBDIR := /lib64 +CFLAGS += -m64 +LIBDIR := /lib64 +USRLIBDIR := /usr/lib64 endif endif -all: libkeyutil.so keyctl request-key +all: $(ARLIB) $(DEVELLIB) keyctl request-key + + +$(ARLIB): keyutils.o + $(AR) rcs $@ $< +keyutils.o: keyutils.c keyutils.h Makefile + $(CC) $(CFLAGS) -UNO_GLIBC_KEYERR -o $@ -c $< -libkeyutil.so: libkeyutil.so.$(MAJOR) + +$(DEVELLIB): $(SONAME) ln -sf $< $@ -libkeyutil.so.$(MAJOR): libkeyutil.so.$(VERSION) +$(SONAME): $(LIBNAME) ln -sf $< $@ -libkeyutil.so.$(VERSION): keyutil.c keyutil.h Makefile - $(CC) $(CFLAGS) -fPIC $(LDFLAGS) -shared -Wl,-soname,libkeyutil.so.$(MAJOR) -o $@ keyutil.c $(LIBLIBS) +LIBVERS := -shared -Wl,-soname,$(SONAME) -Wl,--version-script,version.lds + +$(LIBNAME): keyutils.os version.lds Makefile + $(CC) $(CFLAGS) -fPIC $(LDFLAGS) $(LIBVERS) -o $@ keyutils.os $(LIBLIBS) + +keyutils.os: keyutils.c keyutils.h Makefile + $(CC) $(CFLAGS) -fPIC -o $@ -c $< -keyctl: keyctl.c keyutil.h Makefile - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutil -Wl,-rpath,$(LIB) +keyctl: keyctl.c keyutils.h Makefile + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils -Wl,-rpath,$(LIB) -request-key: request-key.c keyutil.h Makefile - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutil -Wl,-rpath,$(LIB) +request-key: request-key.c keyutils.h Makefile + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. 
-lkeyutils -Wl,-rpath,$(LIB) install: all - $(INSTALL) -D libkeyutil.so.$(VERSION) $(DESTDIR)/$(LIBDIR)/libkeyutil.so.$(VERSION) - $(LNS) libkeyutil.so.$(VERSION) $(DESTDIR)/$(LIBDIR)/libkeyutil.so.$(MAJOR) - $(LNS) libkeyutil.so.$(MAJOR) $(DESTDIR)/$(LIBDIR)/libkeyutil.so + $(INSTALL) -D $(ARLIB) $(DESTDIR)/$(USRLIBDIR)/$(ARLIB) + $(INSTALL) -D $(LIBNAME) $(DESTDIR)/$(LIBDIR)/$(LIBNAME) + $(LNS) $(LIBNAME) $(DESTDIR)/$(LIBDIR)/$(SONAME) + mkdir -p $(DESTDIR)/$(USRLIBDIR) + $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)/$(USRLIBDIR)/$(DEVELLIB) $(INSTALL) -D keyctl $(DESTDIR)/bin/keyctl $(INSTALL) -D request-key $(DESTDIR)/sbin/request-key $(INSTALL) -D request-key.conf $(DESTDIR)/etc/request-key.conf @@ -64,9 +85,10 @@ install: all $(INSTALL) -D keyctl.1 $(DESTDIR)/usr/share/man/man1/keyctl.1 $(INSTALL) -D request-key.conf.5 $(DESTDIR)/usr/share/man/man5/request-key.conf.5 $(INSTALL) -D request-key.8 $(DESTDIR)/usr/share/man/man8/request-key.8 - $(INSTALL) -D keyutil.h $(DESTDIR)/usr/include/keyutil.h + $(INSTALL) -D keyutils.h $(DESTDIR)/usr/include/keyutils.h clean: - $(RM) libkeyutil.so libkeyutil.so.$(MAJOR) libkeyutil.so.$(VERSION) + $(RM) libkeyutils* $(RM) keyctl request-key - $(RM) *~ + $(RM) *.o *.os *~ + $(RM) debugfiles.list debugsources.list @@ -15,12 +15,18 @@ keyctl - Key management facility control .br \fBkeyctl\fR add <type> <desc> <data> <keyring> .br +\fBkeyctl\fR padd <type> <desc> <keyring> +.br \fBkeyctl\fR request <type> <desc> [<dest_keyring>] .br \fBkeyctl\fR request2 <type> <desc> <info> [<dest_keyring>] .br +\fBkeyctl\fR prequest2 <type> <desc> [<dest_keyring>] +.br \fBkeyctl\fR update <key> <data> .br +\fBkeyctl\fR pupdate <key> +.br \fBkeyctl\fR newring <name> <keyring> .br \fBkeyctl\fR revoke <key> @@ -61,6 +67,8 @@ keyctl - Key management facility control .br \fBkeyctl\fR instantiate <key> <data> <keyring> .br +\fBkeyctl\fR pinstantiate <key> <keyring> +.br \fBkeyctl\fR negate <key> <timeout> <keyring> .br \fBkeyctl\fR timeout <key> <timeout> 
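Review bot: The keyctl and request-key link lines still pass `-Wl,-rpath,$(LIB)`, and `LIB` is not defined anywhere in the visible Makefile (the variable that holds the library directory is `LIBDIR`). If it is indeed unset, the linker receives `-rpath` with an empty path, and an empty element in a run-time search path is treated by the glibc loader as the current directory, so a privileged helper such as request-key could pick up a `libkeyutils.so.1` from wherever it happens to be run. Since the library is installed into the system directory anyway, the simplest fix is to drop the option, or otherwise spell it `-Wl,-rpath,$(LIBDIR)`, on both lines, e.g. `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils`.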
@@ -128,6 +136,8 @@ what keys and keyrings they contain. (*) \fBAdd a key to a keyring\fR .P \fBkeyctl add\fR <type> <desc> <data> <keyring> +.br +\fBkeyctl padd\fR <type> <desc> <keyring> .P This command creates a key of the specified type and description; instantiates it with the given data and attaches it to the specified keyring. It then prints @@ -139,22 +149,36 @@ testbox>keyctl add user mykey stuff @u 26 .RE .P +The \fBpadd\fR variant of the command reads the data from stdin rather than +taking it from the command line: +.P +.RS +testbox>echo -n stuff | keyctl padd user mykey @u +.br +26 +.RE +.P (*) \fBRequest a key\fR .P \fBkeyctl request\fR <type> <desc> [<dest_keyring>] .br \fBkeyctl request2\fR <type> <desc> <info> [<dest_keyring>] +.br +\fBkeyctl prequest2\fR <type> <desc> [<dest_keyring>] .P -These two commands request the lookup of a key of the given type and +These three commands request the lookup of a key of the given type and description. The process's keyrings will be searched, and if a match is found the matching key's ID will be printed to stdout; and if a destination keyring is given, the key will be added to that keyring also. .P If there is no key, the first command will simply return the error ENOKEY and -fail. The second command will create a partial key with the type and +fail. The second and third commands will create a partial key with the type and description, and call out to \fB/sbin/request-key\fR with that key and the -extra information supplied above. This will then attempt to instantiate the key -in some manner, such that a valid key is obtained. +extra information supplied. This will then attempt to instantiate the key in +some manner, such that a valid key is obtained. +.P +The third command is like the second, except that the callout information is +read from stdin rather than being passed on the command line. .P If a valid key is obtained, the ID will be printed and the key attached as if the original search had succeeded. 
@@ -168,6 +192,10 @@ testbox>keyctl request2 user debug:hello wibble .br 23 .br +testbox>echo -n wibble | keyctl prequest2 user debug:hello +.br +23 +.br testbox>keyctl request user debug:hello .br 23 @@ -176,6 +204,8 @@ testbox>keyctl request user debug:hello (*) \fBUpdate a key\fR .P \fBkeyctl update\fR <key> <data> +.br +\fBkeyctl pupdate\fR <key> .P This command replaces the data attached to a key with a new set of data. If the type of the key doesn't support update then error "Operation not supported" @@ -185,6 +215,13 @@ will be returned. testbox>keyctl update 23 zebra .RE .P +The \fBpupdate\fR variant of the command reads the data from stdin rather than +taking it from the command line: +.P +.RS +testbox>echo -n zebra | keyctl pupdate 23 +.RE +.P (*) \fBCreate a keyring\fR .P \fBkeyctl newring\fR <name> <keyring> @@ -500,6 +537,8 @@ keyring;4043;4043;3f1f0000;fish .P \fBkeyctl instantiate\fR <key> <data> <keyring> .br +\fBkeyctl pinstantiate\fR <key> <keyring> +.br \fBkeyctl negate\fR <key> <timeout> <keyring> .P These commands are used to attach data to a partially set up key (as created by @@ -523,6 +562,13 @@ testbox>keyctl instantiate $1 "Debug $3" $4 testbox>keyctl negate $1 30 $4 .RE .P +The \fBpinstantiate\fR variant of the command reads the data from stdin rather +than taking it from the command line: +.P +.RS +testbox>echo -n "Debug $3" | keyctl pinstantiate $1 $4 +.RE +.P (*) \fBSet the expiry time on a key\fR .P \fBkeyctl timeout\fR <key> <timeout> @@ -18,7 +18,7 @@ #include <ctype.h> #include <errno.h> #include <asm/unistd.h> -#include "keyutil.h" +#include "keyutils.h" struct command { int (*action)(int argc, char *argv[]); 
@@ -28,9 +28,12 @@ struct command { static int act_keyctl_show(int argc, char *argv[]); static int act_keyctl_add(int argc, char *argv[]); +static int act_keyctl_padd(int argc, char *argv[]); static int act_keyctl_request(int argc, char *argv[]); static int act_keyctl_request2(int argc, char *argv[]); +static int act_keyctl_prequest2(int argc, char *argv[]); static int act_keyctl_update(int argc, char *argv[]); +static int act_keyctl_pupdate(int argc, char *argv[]); static int act_keyctl_newring(int argc, char *argv[]); static int act_keyctl_revoke(int argc, char *argv[]); static int act_keyctl_clear(int argc, char *argv[]); @@ -49,15 +52,19 @@ static int act_keyctl_chgrp(int argc, char *argv[]); static int act_keyctl_setperm(int argc, char *argv[]); static int act_keyctl_session(int argc, char *argv[]); static int act_keyctl_instantiate(int argc, char *argv[]); +static int act_keyctl_pinstantiate(int argc, char *argv[]); static int act_keyctl_negate(int argc, char *argv[]); static int act_keyctl_timeout(int argc, char *argv[]); const struct command commands[] = { { act_keyctl_show, "show", "" }, { act_keyctl_add, "add", "<type> <desc> <data> <keyring>" }, + { act_keyctl_padd, "padd", "<type> <desc> <keyring>" }, { act_keyctl_request, "request", "<type> <desc> [<dest_keyring>]" }, { act_keyctl_request2, "request2", "<type> <desc> <info> [<dest_keyring>]" }, + { act_keyctl_prequest2, "prequest2", "<type> <desc> [<dest_keyring>]" }, { act_keyctl_update, "update", "<key> <data>" }, + { act_keyctl_pupdate, "pupdate", "<key>" }, { act_keyctl_newring, "newring", "<name> <keyring>" }, { act_keyctl_revoke, "revoke", "<key>" }, { act_keyctl_clear, "clear", "<keyring>" }, 
@@ -78,6 +85,7 @@ const struct command commands[] = { { act_keyctl_session, "session", "- [<prog> <arg1> <arg2> ...]" }, { act_keyctl_session, "session", "<name> [<prog> <arg1> <arg2> ...]" }, { act_keyctl_instantiate, "instantiate","<key> <data> <keyring>" }, + { act_keyctl_pinstantiate, "pinstantiate","<key> <keyring>" }, { act_keyctl_negate, "negate", "<key> <timeout> <keyring>" }, { act_keyctl_timeout, "timeout", "<key> <timeout>" }, { NULL, NULL, NULL } @@ -88,6 +96,21 @@ static void format(void) __attribute__((noreturn)); static void error(const char *msg) __attribute__((noreturn)); static key_serial_t get_key_id(const char *arg); +static uid_t myuid; +static gid_t mygid, *mygroups; +static int myngroups; + +/*****************************************************************************/ +/* + * handle an error + */ +static inline void error(const char *msg) +{ + perror(msg); + exit(1); + +} /* end error() */ + /*****************************************************************************/ /* * execute the appropriate subcommand @@ -131,6 +154,22 @@ int main(int argc, char *argv[]) exit(2); } + /* grab my UID, GID and groups */ + myuid = geteuid(); + mygid = getegid(); + myngroups = getgroups(0, NULL); + + if (myuid == -1 || mygid == -1 || myngroups == -1) + error("Unable to get UID/GID/#Groups\n"); + + mygroups = calloc(myngroups, sizeof(gid_t)); + if (!mygroups) + error("calloc"); + + myngroups = getgroups(myngroups, mygroups); + if (myngroups < 0) + error("Unable to get Groups\n"); + return best->action(argc, argv); } /* end main() */ 
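Review bot: In main(), `calloc(myngroups, sizeof(gid_t))` is called with whatever `getgroups(0, NULL)` returned, and for a process with no supplementary groups that is `calloc(0, ...)`, which is permitted to return NULL and would then abort with a misleading `error("calloc")`. Guard the zero case, e.g. `mygroups = calloc(myngroups ? myngroups : 1, sizeof(gid_t));`. Separately, `myuid == -1 || mygid == -1` compares the unsigned uid_t/gid_t against -1; geteuid() and getegid() cannot fail, so the check can be reduced to `if (myngroups == -1)`.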
@@ -168,14 +207,82 @@ static void format(void) /*****************************************************************************/ /* - * handle an error + * grab data from stdin */ -static inline void error(const char *msg) +static char *grab_stdin(void) { - perror(msg); - exit(1); + static char input[65536 + 1]; + int n, tmp; -} /* end error() */ + n = 0; + do { + tmp = read(0, input + n, sizeof(input) - 1 - n); + if (tmp < 0) + error("stdin"); + + if (tmp == 0) + break; + + n += tmp; + + } while (n < sizeof(input)); + + if (n >= sizeof(input)) { + fprintf(stderr, "Too much data read on stdin\n"); + exit(1); + } + + input[n] = '\0'; + + return input; + +} /* end grab_stdin() */ + +/*****************************************************************************/ +/* + * convert the permissions mask to a string representing the permissions we + * have actually been granted + */ +static void calc_perms(char *pretty, key_perm_t perm, uid_t uid, gid_t gid) +{ + unsigned perms; + gid_t *pg; + int loop; + + perms = (perm & KEY_POS_ALL) >> 24; + + if (uid == myuid) { + perms |= (perm & KEY_USR_ALL) >> 16; + goto write_mask; + } + + if (gid != -1) { + if (gid == mygid) { + perms |= (perm & KEY_GRP_ALL) >> 8; + goto write_mask; + } + + pg = mygroups; + for (loop = myngroups; loop > 0; loop--, pg++) { + if (gid == *pg) { + perms |= (perm & KEY_GRP_ALL) >> 8; + goto write_mask; + } + } + } + + perms |= (perm & KEY_OTH_ALL); + +write_mask: + sprintf(pretty, "--%c%c%c%c%c%c", + perms & KEY_OTH_SETATTR ? 'a' : '-', + perms & KEY_OTH_LINK ? 'l' : '-', + perms & KEY_OTH_SEARCH ? 's' : '-', + perms & KEY_OTH_WRITE ? 'w' : '-', + perms & KEY_OTH_READ ? 'r' : '-', + perms & KEY_OTH_VIEW ? 'v' : '-'); + +} /* end calc_perms() */ /*****************************************************************************/ /* 
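Review bot: In grab_stdin() the "Too much data read on stdin" branch is unreachable: each read() is bounded by `sizeof(input) - 1 - n`, so `n` can never exceed 65536, the loop ends on a zero-length read, and `n >= sizeof(input)` (65537) is never true — an over-long payload is silently truncated at 65536 bytes and handed to the kernel as if it were complete. Letting the buffer fill one byte past the limit makes the check fire: `tmp = read(0, input + n, sizeof(input) - n);` with the rest unchanged; an input of exactly 65536 bytes still fits, with the terminator at `input[65536]`. The data is then passed on as a NUL-terminated string, so if act_keyctl_add and friends (outside this hunk) measure it with strlen(), a payload containing a NUL byte would be cut short too — worth a comment on the function, `/* payload is treated as a C string; embedded NULs truncate it */`. A read() interrupted by a signal (EINTR) also aborts the whole command rather than being retried.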
@@ -217,6 +324,28 @@ static int act_keyctl_add(int argc, char *argv[]) /*****************************************************************************/ /* + * add a key, reading from a pipe + */ +static int act_keyctl_padd(int argc, char *argv[]) +{ + char *args[6]; + + if (argc != 4) + format(); + + args[0] = argv[0]; + args[1] = argv[1]; + args[2] = argv[2]; + args[3] = grab_stdin(); + args[4] = argv[3]; + args[5] = NULL; + + return act_keyctl_add(5, args); + +} /* end act_keyctl_padd() */ + +/*****************************************************************************/ +/* * request a key */ static int act_keyctl_request(int argc, char *argv[]) @@ -269,6 +398,29 @@ static int act_keyctl_request2(int argc, char *argv[]) /*****************************************************************************/ /* + * request a key, with recourse to /sbin/request-key, reading the callout info + * from a pipe + */ +static int act_keyctl_prequest2(int argc, char *argv[]) +{ + char *args[6]; + + if (argc != 3 && argc != 4) + format(); + + args[0] = argv[0]; + args[1] = argv[1]; + args[2] = argv[2]; + args[3] = grab_stdin(); + args[4] = argv[3]; + args[5] = NULL; + + return act_keyctl_request2(argc + 1, args); + +} /* end act_keyctl_prequest2() */ + +/*****************************************************************************/ +/* * update a key */ static int act_keyctl_update(int argc, char *argv[]) 
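Review bot: act_keyctl_prequest2() accepts `argc == 3` but unconditionally copies `argv[3]` into `args[4]`; that is correct only because the C runtime guarantees `argv[argc] == NULL`, which is not obvious to a reader checking the bounds. A one-line comment above the assignment would save the next maintainer the trip: `/* argv[argc] is NULL, so this is NULL when no dest keyring was given */`.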
@@ -289,6 +441,26 @@ static int act_keyctl_update(int argc, char *argv[]) /*****************************************************************************/ /* + * update a key, reading from a pipe + */ +static int act_keyctl_pupdate(int argc, char *argv[]) +{ + char *args[4]; + + if (argc != 2) + format(); + + args[0] = argv[0]; + args[1] = argv[1]; + args[2] = grab_stdin(); + args[3] = NULL; + + return act_keyctl_update(3, args); + +} /* end act_keyctl_pupdate() */ + +/*****************************************************************************/ +/* * create a new keyring */ static int act_keyctl_newring(int argc, char *argv[]) @@ -495,8 +667,8 @@ static int act_keyctl_pipe(int argc, char *argv[]) if (ret < 0) error("keyctl_read_alloc"); - if (ret > 0) - write(1, buffer, ret); + if (ret > 0 && write(1, buffer, ret) < 0) + error("write"); return 0; } /* end act_keyctl_pipe() */ @@ -552,10 +724,10 @@ static int act_keyctl_list(int argc, char *argv[]) key_serial_t keyring, key, *pk; key_perm_t perm; void *keylist; - char *buffer; + char *buffer, pretty_mask[9]; uid_t uid; gid_t gid; - int count, tlen, dpos, dlen, ret; + int count, tlen, dpos, n, ret; if (argc != 2) format(); 
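Review bot: In act_keyctl_pipe() the new check `write(1, buffer, ret) < 0` only catches a failed write; a short write (pipe full, non-blocking stdout) returns a positive count smaller than `ret` and the rest of the key payload is silently dropped, so a consumer reading the key through a pipe can receive a truncated secret with exit status 0. Loop until everything has been written. The enclosing function starts outside the hunk.
```c
	/* … unchanged: keyctl_read_alloc() and its error check … */
	{
		char *p = buffer;

		/* write() may return a short count; drain the whole payload */
		while (ret > 0) {
			int w = write(1, p, ret);
			if (w < 0)
				error("write");
			p += w;
			ret -= w;
		}
	}
	return 0;
```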
@@ -596,32 +768,19 @@ static int act_keyctl_list(int argc, char *argv[]) tlen = -1; dpos = -1; - dlen = -1; - sscanf((char *) buffer, "%*[^;]%n;%d;%d;%x;%n%*[^;]%n", - &tlen, &uid, &gid, &perm, &dpos, &dlen); - if (dlen == -1) { + n = sscanf((char *) buffer, "%*[^;]%n;%d;%d;%x;%n", + &tlen, &uid, &gid, &perm, &dpos); + if (n != 3) { fprintf(stderr, "Unparseable description obtained for key %d\n", key); exit(3); } - printf("%9d: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d %*.*s: %s\n", + calc_perms(pretty_mask, perm, uid, gid); + + printf("%9d: %s %5d %5d %*.*s: %s\n", key, - perm & KEY_USR_VIEW ? 'v' : '-', - perm & KEY_USR_READ ? 'r' : '-', - perm & KEY_USR_WRITE ? 'w' : '-', - perm & KEY_USR_SEARCH ? 's' : '-', - perm & KEY_USR_LINK ? 'l' : '-', - perm & KEY_GRP_VIEW ? 'v' : '-', - perm & KEY_GRP_READ ? 'r' : '-', - perm & KEY_GRP_WRITE ? 'w' : '-', - perm & KEY_GRP_SEARCH ? 's' : '-', - perm & KEY_GRP_LINK ? 'l' : '-', - perm & KEY_OTH_VIEW ? 'v' : '-', - perm & KEY_OTH_READ ? 'r' : '-', - perm & KEY_OTH_WRITE ? 'w' : '-', - perm & KEY_OTH_SEARCH ? 's' : '-', - perm & KEY_OTH_LINK ? 'l' : '-', + pretty_mask, uid, gid, tlen, tlen, buffer, buffer + dpos); @@ -683,7 +842,7 @@ static int act_keyctl_describe(int argc, char *argv[]) char *buffer; uid_t uid; gid_t gid; - int tlen, dpos, dlen, ret; + int tlen, dpos, n, ret; if (argc != 2) format(); 
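Review bot: In act_keyctl_list the new sscanf() reads the uid and gid fields with `%d` into `uid_t uid` and `gid_t gid`, which are unsigned types on Linux; a conversion specifier must match the pointee type, so use `n = sscanf((char *) buffer, "%*[^;]%n;%u;%u;%x;%n",` and keep the `n != 3` check as is. The same `%d` pattern appears in act_keyctl_describe. The enclosing function starts outside the hunk.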
@@ -702,33 +861,46 @@ static int act_keyctl_describe(int argc, char *argv[]) tlen = -1; dpos = -1; - dlen = -1; - sscanf(buffer, "%*[^;]%n;%d;%d;%x;%n%*[^;]%n", - &tlen, &uid, &gid, &perm, &dpos, &dlen); - if (dlen == -1) { + n = sscanf(buffer, "%*[^;]%n;%d;%d;%x;%n", + &tlen, &uid, &gid, &perm, &dpos); + if (n != 3) { fprintf(stderr, "Unparseable description obtained for key %d\n", key); exit(3); } /* display it */ - printf("%9d: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d %*.*s: %s\n", + printf("%9d:" + " %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c" + " %5d %5d %*.*s: %s\n", key, - perm & KEY_USR_VIEW ? 'v' : '-', - perm & KEY_USR_READ ? 'r' : '-', - perm & KEY_USR_WRITE ? 'w' : '-', - perm & KEY_USR_SEARCH ? 's' : '-', + perm & KEY_POS_SETATTR ? 'a' : '-', + perm & KEY_POS_LINK ? 'l' : '-', + perm & KEY_POS_SEARCH ? 's' : '-', + perm & KEY_POS_WRITE ? 'w' : '-', + perm & KEY_POS_READ ? 'r' : '-', + perm & KEY_POS_VIEW ? 'v' : '-', + + perm & KEY_USR_SETATTR ? 'a' : '-', perm & KEY_USR_LINK ? 'l' : '-', - perm & KEY_GRP_VIEW ? 'v' : '-', - perm & KEY_GRP_READ ? 'r' : '-', - perm & KEY_GRP_WRITE ? 'w' : '-', - perm & KEY_GRP_SEARCH ? 's' : '-', + perm & KEY_USR_SEARCH ? 's' : '-', + perm & KEY_USR_WRITE ? 'w' : '-', + perm & KEY_USR_READ ? 'r' : '-', + perm & KEY_USR_VIEW ? 'v' : '-', + + perm & KEY_GRP_SETATTR ? 'a' : '-', perm & KEY_GRP_LINK ? 'l' : '-', - perm & KEY_OTH_VIEW ? 'v' : '-', - perm & KEY_OTH_READ ? 'r' : '-', - perm & KEY_OTH_WRITE ? 'w' : '-', - perm & KEY_OTH_SEARCH ? 's' : '-', + perm & KEY_GRP_SEARCH ? 's' : '-', + perm & KEY_GRP_WRITE ? 'w' : '-', + perm & KEY_GRP_READ ? 'r' : '-', + perm & KEY_GRP_VIEW ? 'v' : '-', + + perm & KEY_OTH_SETATTR ? 'a' : '-', perm & KEY_OTH_LINK ? 'l' : '-', + perm & KEY_OTH_SEARCH ? 's' : '-', + perm & KEY_OTH_WRITE ? 'w' : '-', + perm & KEY_OTH_READ ? 'r' : '-', + perm & KEY_OTH_VIEW ? 'v' : '-', uid, gid, tlen, tlen, buffer, buffer + dpos); 
@@ -925,6 +1097,27 @@ static int act_keyctl_instantiate(int argc, char *argv[]) /*****************************************************************************/ /* + * instantiate a key, reading from a pipe + */ +static int act_keyctl_pinstantiate(int argc, char *argv[]) +{ + char *args[5]; + + if (argc != 3) + format(); + + args[0] = argv[0]; + args[1] = argv[1]; + args[2] = grab_stdin(); + args[3] = argv[2]; + args[4] = NULL; + + return act_keyctl_instantiate(4, args); + +} /* end act_keyctl_pinstantiate() */ + +/*****************************************************************************/ +/* * negate a key that's under construction */ static int act_keyctl_negate(int argc, char *argv[]) @@ -1026,8 +1219,8 @@ static int dump_key_tree_aux(key_serial_t key, int depth, int more) key_perm_t perm; size_t ringlen, desclen; void *payload; - char *desc, type[255]; - int uid, gid, ret, n, rdepth, kcount = 0; + char *desc, type[255], pretty_mask[9]; + int uid, gid, ret, n, dpos, rdepth, kcount = 0; if (depth > 8) return 0; 
@@ -1061,34 +1254,25 @@ static int dump_key_tree_aux(key_serial_t key, int depth, int more) uid = 0; gid = 0; perm = 0; - sscanf(desc, "%[^;];%d;%d;%x;%n", - type, &uid, &gid, &perm, &n); + + n = sscanf(desc, "%[^;];%d;%d;%x;%n", + type, &uid, &gid, &perm, &dpos); + + if (n != 4) { + fprintf(stderr, "Unparseable description obtained for key %d\n", key); + exit(3); + } /* and print */ - printf("%9d" - " %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d " - " %s%s%s: %s\n" - , + calc_perms(pretty_mask, perm, uid, gid); + + printf("%9d %s %5d %5d %s%s%s: %s\n", key, - perm & KEY_USR_LINK ? 'l' : '-', - perm & KEY_USR_SEARCH ? 's' : '-', - perm & KEY_USR_WRITE ? 'w' : '-', - perm & KEY_USR_READ ? 'r' : '-', - perm & KEY_USR_VIEW ? 'v' : '-', - perm & KEY_GRP_LINK ? 'l' : '-', - perm & KEY_GRP_SEARCH ? 's' : '-', - perm & KEY_GRP_WRITE ? 'w' : '-', - perm & KEY_GRP_READ ? 'r' : '-', - perm & KEY_GRP_VIEW ? 'v' : '-', - perm & KEY_OTH_LINK ? 'l' : '-', - perm & KEY_OTH_SEARCH ? 's' : '-', - perm & KEY_OTH_WRITE ? 'w' : '-', - perm & KEY_OTH_READ ? 'r' : '-', - perm & KEY_OTH_VIEW ? 'v' : '-', + pretty_mask, uid, gid, dumpindent, depth > 0 ? "\\_ " : "", - type, desc + n); + type, desc + dpos); /* if it's a keyring then we're going to want to recursively * display it if we can */ @@ -1,4 +1,4 @@ -/* keyutil.c: key utility library +/* keyutils.c: key utility library * * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) @@ -18,7 +18,7 @@ #include <dlfcn.h> #include <errno.h> #include <asm/unistd.h> -#include "keyutil.h" +#include "keyutils.h" #ifdef NO_GLIBC_KEYERR static int error_inited; @@ -1,4 +1,4 @@ -/* keyutil.h: key utility library interface +/* keyutils.h: key utility library interface * * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) 
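Review bot: The new sscanf() in dump_key_tree_aux uses `%[^;]` with no field width to fill `type[255]`, so a type name of 255 bytes or more overflows the array. The description string comes from the kernel and type names are short in practice, but the bound costs nothing: `n = sscanf(desc, "%254[^;];%d;%d;%x;%n",`. The enclosing function continues outside the hunk.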
@@ -9,8 +9,8 @@ * 2 of the License, or (at your option) any later version. */ -#ifndef KEYUTIL_H -#define KEYUTIL_H +#ifndef KEYUTILS_H +#define KEYUTILS_H #include <stdint.h> @@ -140,4 +140,4 @@ extern int keyctl_describe_alloc(key_serial_t id, char **_buffer); extern int keyctl_read_alloc(key_serial_t id, void **_buffer); -#endif /* KEYUTIL_H */ +#endif /* KEYUTILS_H */ diff --git a/keyutils.spec b/keyutils.spec index 1557ef6..4b5f4f2 100644 --- a/keyutils.spec +++ b/keyutils.spec @@ -1,11 +1,12 @@ -%define vermajor 0 -%define version %{vermajor}.3 +%define vermajor 1 +%define version %{vermajor}.0 %define _exec_prefix / +%define usrlibdir %{_prefix}/%{_lib} Summary: Linux Key Management Utilities Name: keyutils Version: %{version} -Release: 3 +Release: 2 License: GPL/LGPL Group: System Environment/Base ExclusiveOS: Linux @@ -13,12 +14,21 @@ ExclusiveOS: Linux Source0: http://people.redhat.com/~dhowells/keyutils/keyutils-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot +BuildRequires: glibc-kernheaders >= 2.4-9.1.92 %description Utilities to control the kernel key management facility and to provide a mechanism by which the kernel call back to userspace to get a key instantiated. +%package libs +Summary: Key utilities library +Group: System Environment/Base + +%description libs +This package provides a wrapper library for the key management facility system +calls. + %package devel Summary: Development package for building linux key management utilities Group: System Environment/Base 
@@ -30,32 +40,60 @@ This package provides headers and libraries for building key utilities. %setup -q %build -make LIBDIR=%{_libdir} RELEASE=.%{release} NO_GLIBC_KEYERR=1 +make \ + LIBDIR=%{_libdir} \ + USRLIBDIR=%{usrlibdir} \ + RELEASE=.%{release} \ + NO_GLIBC_KEYERR=1 \ + CFLAGS="-Wall $RPM_OPT_FLAGS" %install rm -rf $RPM_BUILD_ROOT -make DESTDIR=$RPM_BUILD_ROOT LIBDIR=%{_libdir} RELEASE=.%{release} install +make DESTDIR=$RPM_BUILD_ROOT LIBDIR=%{_libdir} USRLIBDIR=%{usrlibdir} RELEASE=.%{release} install %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -%doc README LICENCE.GPL LICENCE.LGPL -%{_libdir}/libkeyutil.so.%{version}.%{release} -%{_libdir}/libkeyutil.so.%{vermajor} +%doc README LICENCE.GPL /sbin/* /bin/* /usr/share/keyutils/* %{_mandir}/* %config(noreplace) /etc/* +%files libs +%defattr(-,root,root,-) +%doc LICENCE.LGPL +%{_libdir}/libkeyutils-%{version}.%{release}.so +%{_libdir}/libkeyutils.so.%{vermajor} + %files devel %defattr(-,root,root,-) -%{_libdir}/libkeyutil.so +%{usrlibdir}/libkeyutils.a +%{usrlibdir}/libkeyutils.so %{_includedir}/* %changelog +* Mon Dec 5 2005 David Howells <dhowells@redhat.com> - 1.0-2 +- Add build dependency on glibc-kernheaders with key management syscall numbers + +* Tue Nov 29 2005 David Howells <dhowells@redhat.com> - 1.0-1 +- Add data pipe-in facility for keyctl request2 + +* Mon Nov 28 2005 David Howells <dhowells@redhat.com> - 1.0-1 +- Rename library and header file "keyutil" -> "keyutils" for consistency +- Fix shared library version naming to same way as glibc. 
+- Add versioning for shared library symbols +- Create new keyutils-libs package and install library and main symlink there +- Install base library symlink in /usr/lib and place in devel package +- Added a keyutils archive library +- Shorten displayed key permissions list to just those we actually have + +* Thu Nov 24 2005 David Howells <dhowells@redhat.com> - 0.3-4 +- Add data pipe-in facilities for keyctl add, update and instantiate + * Fri Nov 18 2005 David Howells <dhowells@redhat.com> - 0.3-3 - Added stdint.h inclusion in keyutils.h - Made request-key.c use request_key() rather than keyctl_search() diff --git a/request-key.c b/request-key.c index 9b8863b..d58479e 100644 --- a/request-key.c +++ b/request-key.c @@ -29,7 +29,7 @@ #include <ctype.h> #include <sys/select.h> #include <sys/wait.h> -#include "keyutil.h" +#include "keyutils.h" static int xdebug; @@ -128,7 +128,7 @@ int main(int argc, char *argv[]) { key_serial_t key; char *ktype, *kdesc, *buf, *callout_info; - int ret, ntype, dpos, dlen, fd; + int ret, ntype, dpos, n, fd; signal(SIGSEGV, oops); signal(SIGBUS, oops); @@ -176,9 +176,11 @@ int main(int argc, char *argv[]) key = atoi(xkey); - /* assume authority over the key */ + /* assume authority over the key + * - older kernel doesn't support this function + */ ret = keyctl_assume_authority(key); - if (ret < 0) + if (ret < 0 && !(argc == 9 || errno == EOPNOTSUPP)) error("Failed to assume authority over key %d (%m)\n", key); /* ask the kernel to describe the key to us */ @@ -195,10 +197,9 @@ int main(int argc, char *argv[]) debug("Key descriptor: \"%s\"\n", buf); ntype = -1; dpos = -1; - dlen = -1; - sscanf(buf, "%*[^;]%n;%*d;%*d;%*x;%n%*[^;]%n", &ntype, &dpos, &dlen); - if (dlen == -1) + n = sscanf(buf, "%*[^;]%n;%*d;%*d;%x;%n", &ntype, &n, &dpos); + if (n != 1) error("Failed to parse key description\n"); ktype = buf; 
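Review bot: Passing `CFLAGS="-Wall $RPM_OPT_FLAGS"` on the make command line overrides every ordinary `CFLAGS +=` in the Makefile — GNU make ignores appends to a command-line variable unless they use `override` — so the `NO_GLIBC_KEYERR=1` given on the same line no longer yields `-DNO_GLIBC_KEYERR`, and the `-m32`/`-m64` additions under BUILDFOR are dropped the same way. Either change the Makefile's conditional appends to `override CFLAGS += ...`, or pass the distribution flags through a separate variable (e.g. `OPTFLAGS`) that the Makefile folds into CFLAGS itself.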
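Review bot: The new parse line in request-key's main() scans the permission mask with `%x` into `&n` and then overwrites `n` with sscanf's return value; it works only because the return is assigned after the conversions, and `%x` expects an `unsigned int *` while `n` is an `int`. Since `dpos` is set to -1 just before the call, the scratch variable can go: `sscanf(buf, "%*[^;]%n;%*d;%*d;%*x;%n", &ntype, &dpos);` followed by `if (dpos == -1)`, which is the same success test the replaced code used.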
@@ -708,7 +709,10 @@ static void pipe_to_program(char *op, if (tmp < 0) error("select failed: %m\n"); - debug("select -> %d r=%x w=%x\n", tmp, *(unsigned *) &rfds, *(unsigned *) &wfds); + debug("select -> %d r=%x w=%x\n", + tmp, + *(unsigned *) (void *) &rfds, + *(unsigned *) (void *) &wfds); if (TOSTDIN != -1 && FD_ISSET(TOSTDIN, &wfds)) { tmp = write(TOSTDIN, pc, ninfo); diff --git a/version.lds b/version.lds new file mode 100644 index 0000000..05474db --- /dev/null +++ b/version.lds @@ -0,0 +1,34 @@ +KEYUTILS_0.3 { + + /* primary syscalls; may be overridden by glibc */ + add_key; + request_key; + keyctl; + + /* management functions */ + keyctl_chown; + keyctl_clear; + keyctl_describe; + keyctl_describe_alloc; + keyctl_get_keyring_ID; + keyctl_instantiate; + keyctl_join_session_keyring; + keyctl_link; + keyctl_negate; + keyctl_read; + keyctl_read_alloc; + keyctl_revoke; + keyctl_search; + keyctl_setperm; + keyctl_set_reqkey_keyring; + keyctl_unlink; + keyctl_update; + +}; + +KEYUTILS_1.0 { + /* management functions */ + keyctl_assume_authority; + keyctl_set_timeout; + +} KEYUTILS_0.3; |
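Review bot: Rewriting the debug cast as `*(unsigned *) (void *) &rfds` only changes how the type pun is spelled; it still reads an fd_set through an incompatible type and prints just its first word, i.e. descriptors 0–31. If the output matters, print the descriptors the loop actually tests, e.g. `debug("select -> %d in=%d out=%d\n", tmp, FD_ISSET(TOSTDIN, &wfds), FD_ISSET(FROMSTDOUT, &rfds))` with whichever read descriptor the function uses; otherwise drop the punning. pipe_to_program's body continues outside the hunk.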
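Review bot: Neither version node in version.lds has a `local: *;` clause, so any non-static symbol in keyutils.c that is not listed is still exported, only without a version — the opposite of what "Add versioning for shared library symbols" sets out to do, and it lets the ABI surface grow by accident. Add `local: *;` as the last entry of the KEYUTILS_0.3 node, after `keyctl_update;`, so that only the named functions are exported.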