Age | Commit message (Collapse) | Author | Files | Lines |
|
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
"As discussed face-to-face and by email, there are a number of
man pages in keyutils that document kernel APIs. The more natural
home for these pages is Linux man-pages. I've already migrated
the pages listed below into Linux man-pages, and subsequently
enhanced various pages. They'll be released with the next release of
man-pages (around the end of Feb 2017)."
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
As discussed face-to-face and by email, there are a number of
man pages in keyutils that document kernel APIs. The more natural
home for these pages is Linux man-pages. I've already migrated
the pages listed below into Linux man-pages, and subsequently
enhanced various pages. They'll be released with the next release of
man-pages (around the end of Feb 2017).
keyrings.7
persistent-keyring.7
process-keyring.7
session-keyring.7
thread-keyring.7
user-keyring.7
user-session-keyring.7
|
|
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
The norm for man pages is that the NAME line is formatted as a single
line without line breaks. The patched pages violate that norm,
and break various tools that process man page input
(such as my own scripts to format pages for man7.org).
Squash the NAME lines in the pages that have this problem, so that
a single line is produced. This necessarily entails abbreviating
the descriptive text somewhat, but I don't think this is a loss.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Normal man pages convention is that the phrase following
the dash is not capitalized.
Also, one or two other minor clean-ups in the NAME line.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Always format functions as: .BR func ()
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Format 'errno' with .I. Format error constants in bold.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Utilizes the new expect_multiline toolbox function to avoid false
positives. The expected output is converted to a heredoc and properly
quoted to preserve newlines.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
expect_payload only looks at the last line of the output file, so it
doesn't work for commands that output multiple lines. expect_multiline
counts the lines in the expected value and extracts that number of
lines from the output file for comparison and assignment.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Created a new manual page for section 3 for the keyctl_dh_compute and
keyctl_dh_compute_alloc functions and listed these functions in the
man3 page for keyctl. Updated the man1 page for the new 'keyctl
dh_compute' command.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
SEE ALSO entries are ordered first by section, then
alphabetically within section.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
request_key() is in Section 2, not 3.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
* Don't force each entry onto new line
* Choose ragged right hand margin and disable hyphenation
* Use hard dashes in page names, to prevent hyphenation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
Most pages use ".BR" markup. Make the others
(that use \fB..\fR) use the same mark-up.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
The "keyctl" pattern was causing the tests/keyctl directory to be
ignored. Adding a leading "/" to names expected to be in the toplevel
directory ensures that they don't match names in subdirectories.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix building to correctly identify distribution ID from RPM and manage the
name of the compressed sourceball separately.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Endianness determination was broken sometime after Fedora 20 when
executables switched to being DYN objects rather than EXEC objects. This
caused the output of file to change.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
(1) The maximum description size patch is not yet applied to RHEL-7, so
that change only applies to RHEL-6, not RHEL-6 and everything after.
(2) There was a change in error reporting behaviour that got introduced in
v3.8 upstream and was fixed in v3.13. RHEL-7 was forked off of
v3.10.0, so it had the problem - but the fix has been backported, so
we need to adjust the version check.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The default mode exits as soon as an error is found.
Automated mode will run the entire test suite to completion.
Some tests may be dependent on earlier tests being successful,
so keep that in mind when investigating failures in tests.
Signed-off-by: Jeffrey Bastian <jbastian@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Jeffrey Bastian <jbastian@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The maximum description size (maxdesclen) in the upstream kernel has been
limited to 4095 plus a NUL char from v3.18 onwards and now this has been
backported to RHEL-6 from kernel release 589 and onwards.
Limit the maxdesc string when an appropriate kernel is detected.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
If the version parts of two x.y.z-r version strings are the same,
version_less_than() must compare the release parts rather than defaulting
to whatever the last return value happened to be.
This can be tested with this:
sh ./vercmp.sh 2.6.32-589.el6 2.6.32-592.el6.ppc64
Reversing the parameters should flip the output indication rather than
leaving it the same.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The lsb_release command can take a -s flag to trim the fixed specifier text
from the output. This means that it isn't actually necessary to pass the
output through awk to strip this off.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The mailing list is now at keyrings@vger.kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
This is analogous to the following commit:
commit 7963a21a183ccc5658acff3a1bf05ec3b0688946
Author: David Howells <dhowells@redhat.com>
Date: Wed, 15 Jan 2014 15:07:05 +0000
Subject: TEST: Make search/valid aware that the behaviour of the kernel changed
The kernel changed referred to also affected timeout/valid, which had
previously been affected by another change. All in all, between 3.8 and 3.12,
kernel returned ENOKEY instead of EKEYEXPIRED.
Signed-off-by: Christian Kastner <ckk@debian.org>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
A bug in the kernel-internal strnlen() function on MIPS led to the situation of
overlong strings not being reported correctly. This was fixed by the following
commit in 3.19:
commit 0097761013253930341e23723d64e0845c3f9edd (patch)
Author: Ralf Baechle <ralf@linux-mips.org>
Date: Date: Tue, 4 Nov 2014 11:54:29 +0100
Subject: MIPS: Fix strnlen_user() return value in case of overlong strings.
This patch disables the problematic tests on MIPS kernels older than 3.19.
Signed-off-by: Christian Kastner <ckk@debian.org>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fixes building with musl libc.
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Print the version of keyutils being tested.
Signed-off-by: Karel Srot <ksrot@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
sys/types.h needs to be #included from keyutils.h as it uses size_t, uid_t and
gid_t which are otherwise undefined.
Reported-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
This is useful for running tests exlusively against the build result.
Modifing PATH and LD_LIBRARY_PATH is sufficient for most test cases, but in the
case of tests for the request2 and prequest2 subcommands, the kernel looks
for /sbin/request-key. Testing the build result would therefore require
installing it, but this is not always desirable, for example on build daemons.
Signed-off-by: Christian Kastner <debian@kvr.at>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
This way, test failures in environments where root privileges aren't
available can be avoided.
For example, Debian build daemons check the build result by running the test
suite with a non-root account after the build has completed, and any single
failure is treated as a total build failure. This is why tests were disabled
entirely until this patch was included in the Debian package.
Signed-off-by: Christian Kastner <debian@kvr.at>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Hyphens used as minus signs must be escaped, and names in the NAME section must
not contain spaces.
Signed-off-by: Christian Kastner <debian@kvr.at>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Define LN as it isn't defined by make, but LNS is now defined in terms of it.
Also, use $(LNS) for a couple of "ln -sf" commands.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The LNS Makefile macro is defined the same way twice. Remove the second
definition. Also, put the definition of LNS in terms of $(LN).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Allow building of the shared library to be suppressed by passing NO_SOLIB=1 to
the Makefile.
Reported-and-tested-by: Vicente Olivert Riera <vincent.riera@imgtec.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix mixed up version number checking. 3.5-rc1 is a kernel version number, not
a keyutils one.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Disable checks for AVCs by the test infrastructure in the bz1031154 testcase
because we intentionally generate AVCs as part of the test.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Place exclusions for a couple of tests that fail under RHEL-5.
https://bugzilla.redhat.com/show_bug.cgi?id=1075655
The problems are:
(1) keyctl/show/valid fails because "keyctl show" doesn't handle nested
keyrings with a depth of more than 2-3 correctly.
(2) keyctl/show/valid fails because the output of "keyctl show" doesn't allow
a big enough field for the key serial ID.
(3) keyctl/padd/useradd fails because the "keyctl padd" & co. are limited to
~64KB of data rather than 1MB-1.
(4) keyctl/padd/useradd fails because the "keyctl padd" & co. can't handle NUL
chars in their input.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The key invalidation test may fail because the check for a key having been
invalidated may occur too quickly after the call to invalidate the key.
The problem is that whilst the key is marked invalidated immediately, the
subsequent process of garbage collecting the invalidated key isn't synchronous
and may be delayed as the keyrings gc is merely scheduled to be run at some
later time.
Stick a small delay in there to give the gc a chance to run.
Bugzilla-entry: https://bugzilla.redhat.com/show_bug.cgi?id=1072798
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make it possible to use OSRELEASE with the version comparison functions.
Currently it's set to a text string (eg. "6.5") but not set to a numeric type
(which it can't be since it's not a simple number). This means that the shell
numeric comparison operators (eg. "-lt") cannot be used.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Key invalidation only came in with 3.5-rc1. Don't use it if the running
kernel doesn't support it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
keyctl padd tests can't use big_key type if it's not available because the
kernel is too old.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
keyctl show only takes an argument from 1.5.4 onwards, so it cannot be tested
for prior to that.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Don't use "%..." key search commands generally in the testsuite so that more
of it can be run on platforms for which the keyutils package installed doesn't
support this feature.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Display the name of the test we're about to run to make it easier to work out
which test went wrong.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Can't do the bz1031154 test before 3.13-rc1 so skip the test if the kernel is
too old. The big_key facility was backported to the 3.10 kernel used by
RHEL-7 so permit the test there.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make toolbox_report_result use its parameters rather than going directly to
the TEST envvar. Possibly the first parameter should be dropped.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a function to the toolbox to record skipped tests.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make sure the TEST envvar is set so that the scripts don't break if it isn't.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Provide function to check for the kernel version to use in feature checks.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Include version.inc.sh from prepare.inc.sh rather than toolbox.inc.sh so that
prepare.inc.sh can test for the presence of features.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move all the version checking functions into version.inc.sh.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Test that keyrings of the same name can be linked together. This is a check
for:
https://bugzilla.redhat.com/show_bug.cgi?id=1071346
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
All files pertinent to the testsuite need to be declared in the FILES= macro
in the tests/Makefile so that the testing infrastructure knows what is
relevant.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
When relying on external commands, such as getenforce, skip the test if
the required commands are unavailable.
This patch adds a function to the toolbox that allows tests to declare
their required commands at the top of the test script.
If which cannot locate the command, a message is written to the output
file, a marker is printed indicating which command is missing, and the
test script is terminated with a passing result.
Additionally, the patch adds require_command declarations for commands
required in the bz1031154 test.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The 5.14 release of file outputs an extra space after [LM]SB:
$ ./src/file -m magic/magic.mgc -L /proc/$$/exe
/proc/12755/exe: ELF 64-bit LSB executable, ...
This was due to the elf magic file containing some trailing spaces in
the 5.14 release.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The test runner and test scripts make use of non-POSIX (Bash specific)
features that cause problems when Bash is not /bin/sh. All mentions of
/bin/sh should be changed to /bin/bash to work on systems that, for
example, use Dash for /bin/sh.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix some miscellaneous bits in the test suite:
(1) In makescript $(wild ...) isn't a make function, $(wildcard ...) should
be used instead.
(2) Emit more metadata.
(3) Remove a trailing blank line.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Add manual pages to section 7 describing various keyrings concepts.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Improve the keyctl_read[_alloc]() manpage.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a Developer's Certificate of Origin for the use of people submitting
patches.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move manual pages to their own subdir to tidy the sources up.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The KEY_OTH_SETATTR constant macro is defined incorrectly.
Signed-off-by: James Muir <james.muir@graphitesoftware.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
This reverts commit ed72a1dfc56a4f5428affb1659d6812d54e392c5.
The problem is that the buffer argument might validly be NULL, leading to a
SEGV when we try to check for the NUL termination.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
In the keyctl program, when searching the command table, don't trust that an
overlong argument name won't cause memcpy() to segfault. This is unlikely to
be a problem as any efficient memcpy() is going to start scanning from the
lowest address, given that it has to report on the lowest-addressed difference
if there is one.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
(1) Check the success of strtol() correctly when parsing the key ID - and
make sure the key ID isn't blank beforehand.
(2) buf and callout_info in main() are guaranteed to be NULL at the point
they're tested prior to calling keyctl_describe_alloc() and
keyctl_read_alloc() so the if-statements are redundant.
(3) In append_address_to_payload() remove an if-statement that can never
trigger, given the if-statement it's embedded within.
(4) usage() doesn't know of a key ID to negate, so don't do that.
(5) The 'key' argument to dns_query_*() is redundant given the global
variable of the same name holding the same value.
(6) dns_query_a_or_aaaa() declares a local variable masking the 'key'
argument and global variable in an inner scope.
(7) DNS_EXPIRY_PREFIX, DNS_EXPIRY_TIME_LEN and AFSDB_MAX_DATA_LEN are all
unused and LIST_MULTIPLE_ITEMS is only set, never read, so delete them
all.
(8) Make append_address_to_payload() copy the argument if it's not a
duplicate rather than copying it in the caller then discarding when we
find out it is a duplicate.
(9) Move vllist[] and vlsnum into afsdb_hosts_to_addrs() rather than passing
them in from the caller where they aren't otherwise used.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Wang Lei <wang840925@gmail.com>
|
|
Don't use realloc() in keyctl_{describe,read,get_security}_alloc() as it
doesn't free the argument buffer if it fails and it will copy the empty buffer
if it moves it.
Use malloc+free instead.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Use the correct path macros in the specfile.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Check the description string is NUL-terminated retrieved by keyctl_describe()
included a NUL-terminator in its length.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Don't trust sscanf()'s %n argument just in case the space immediately before
it didn't match anything as sscanf() doesn't tell you if it was set.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Only get the groups list if calc_perms() is called as there's no point
grabbing the list otherwise.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix a leak of the description string memory from each key visited in
dump_key_tree_aux() in the keyctl program.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Exit rather than returning from act_xxx() functions so that the Coverity
checker doesn't think that memory is leaked from functions that allocate
memory.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Use the keyctl_describe_alloc() library function in dump_key_tree_aux() in the
keyctl program rather than open coding it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix some memory leaks in error paths where a previously allocated buffer is
not freed if we get an error.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The kernel changed its behaviour with regard to the error code it returns when
the first key a search found was revoked and no valid key was found. It used
to return ENOKEY and now returns EKEYREVOKED.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Check maximum size of payload to add_key() using the keyctl padd function.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Check depth of tree output by "keyctl show" to make sure it shows the full
depth and not an abbreviated tree.
Also, whilst we're at it, check that we can show the contents of a nominated
keyring.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Test the key invalidation functionality.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Test for the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1031154
whereby the kernel's attempts to access the shmem file used by a big_key type
to store large data can be denied by the SELinux policy.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Test for the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1033467
whereby 17 keyrings added into another, previously empty keyring cause a
number of bugs to appear (since the kernel patch to expand keyring capacity).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add manual pages for keyctl_get_persistent() and keyctl get_persistent.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the shell function version_less_than and associates in the toolbox to
handle -rcN in version numbers correctly so that kernel versions can be
compared.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the link recursion test to create the ninth keyring in the session keyring
and then link it into the eighth so that we can set the permissions mask upon
it (if we create it *in* the eighth keyring then we can't set the permissions
mask as we don't have possessee permission due to recursion limits preventing
possessee discovery).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the link recursion test to create the ninth keyring in the session keyring
and then link it into the eighth so that we can set the permissions mask upon
it (if we create it *in* the eighth keyring then we can't set the permissions
mask as we don't have possessee permission due to recursion limits preventing
possessee discovery).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
A macro name has been mistyped in the keyctl/link/recursion test. Fix it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
New symbols should go in a new library minor version, so move
keyctl_get_persistent and find_key_by_type_and_desc to 1.5.
Reported-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
Permit callers of the keyctl program to specify a key by its type and name
rather than by its number. This is done by replacing a key ID like:
1234
or:
@s
with a type and name:
%<type>:<name>
e.g.:
%user:a
As a shorthand, leaving out the type name:
%:<name>
e.g.:
%:_ses
refers to a keyring of the given name.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a function to find a key by its type and name, even if the key is not in
the process's thread, process or session keyrings (ie. it is not 'possessed'
by the process).
This looks in two places:
(1) Firstly, it looks in the processes attached keyrings so that possessed
keys are prioritised over non-possessed keys.
(2) Secondly, it scans /proc/keys, looking for a key matching the name. It
uses keyctl_describe() to check the name because the key description in
/proc/keys may have extra information appended by the type - but this
cannot be distinguished from keys that have stuff that looks like the
extra information embedded in the description.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
The contents of a keyring aren't ordered, so we can't check ordering.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The add_key() and keyctl_instantiate() calls can take a buffer of up to 1MB,
so grab_stdin() should be using a buffer capable of holding that rather than
one limited to 64KB.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the maximum depth of the key tree dump made my "keyctl show". The depth
increases in multiples of four because it is used to determine how many spaces
to prefix each printed line with - and not multiples of one.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
A search for a revoked key should return EKEYREVOKED if that key has not yet
been gc'd.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Recent upstream kernel commit:
commit 96b5c8fea6c0861621051290d705ec2e971963f1
Author: David Howells <dhowells@redhat.com>
Date: Tue Oct 2 19:24:56 2012 +0100
KEYS: Reduce initial permissions on keys
reduced initial permissions and some tests are now hitting EACCES
because they don't get to use the 'possessed' key permissions, but
must instead use the user/group/other permissions only.
This particularly affects the recursion test because the test for possession
hits the recursion limit and we don't see keys of that depth as being
possessed. To fix this, the keyrings in the recursion test are given full
user access and the eighth keyring is created elsewhere and linked in.
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Remove an incorrect word from request-key.conf.5.
Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The behaviour of how keys are deleted changed between RHEL6 and RHEL7.
In following sequence, key will go away only after gc delay time, which can
take several minutes. The Documentation doesn't make any statements about
when will the key go away, so this most likely is not a bug.
$ keyctl request2 user debug:lizard gizzard
$ keyctl unlink 580084255 @s
keyctl_unlink: No such file or directory
... after gc timeout ...
$ keyctl unlink 580084255 @s
keyctl_unlink: Required key not available
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Fix the Makefile to generate tarballs with correct pathname ('keyutils' rather
than 'cachefilesd'). This was code copied from another project.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Suppress the output of pushd/popd in runtest.sh to reduce the overall amount
of output produced.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the expr command that extracts the keyutils version number from the keyctl
program output to handle spaces in the string produced by keyctl.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the test case for "keyctl show" as the root key ID is no longer printed as
the special key ID. Instead we need to check that it's the session keyring by
examining the keyring's description.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Allow the recursive dump of a specified keyring rather than the session keyring
by doing:
keyctl show <keyringID>
The following:
keyctl show
still dumps the session keyring.
Also make some fixes to the show subcommand:
(*) 31-bit decimal numbers can be up to 10 chars long, so allow for an extra
char in the serial number when displaying it.
(*) Permit numbers to be displayed in hex with a -x flag:
keyctl show [-x] [<keyringID>]
(*) Turn the special keyring ID of the root keyring into the real serial
number and display that instead of the special ID.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix complaints generated by rpmlint.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a build ID facility to the specfile and the Makefile and add a make rule
to run rpmlint.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the keyctl padd, pinstantiate and pupdate commands to not use strlen() on
the data read from stdin as the data may be binary, but rather to have
grab_stdin() return the amount of data read.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make it possible to provide keytype-specific request key configs in userspace
as /etc/request-key.d/<keytype>.conf. If present, this will be used in
preference to /etc/request-key.conf.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
|
|
Make will search link paths for "-lkeyutils" and if you already have
keyutils installed, then it won't wait around for the local keyutils
library to get built. This causes random parallel build failures.
So just change the dependency to use the local soname symlink.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make sure that when we're waiting for a timeout to expire, we don't undersleep
- lest we start analysing the state too early and rule that a test is broken.
This can be seen just occasionally by the key timeout test when the sleep
command sleeps for less than the amount of time specified.
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Remove the unlink argument validity check that checks that just one argument
fails as it's now valid to pass a single argument.
Add a test for the unlink with single argument case (which searches the process
keyrings for all instances of the specified key and attempts to unlink them
all).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Provide a way to test for the absence of a key in a keyring other than just
testing to see if the keyring is now empty.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Allow non-root users to run the testsuite to completion successfully. In such
a case, check that chown and chgrp tests fail with EACCES rather than
completing successfully and warn the invoker that they should run this as root.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Extract the version string from keyctl so that tests can be made contingent
upon it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Check to the end of the keyring description string in the valid-session test.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Import the RHEL test suite and make it able to run without the RHTS testing
infrastructure available.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
The package version number and build date are stored in the library in:
const char keyutils_version_string[];
const char keyutils_build_string[];
And are displayable with the programs built as part of it:
# keyctl --version
keyctl from keyutils-1.5.3 (Built 2011-08-24)
# request-key --version
request-key from keyutils-1.5.3 (Built 2011-08-24)
The DNS query resolver gets extended version information as it already has its
own version number:
# key.dns_resolver --version
version: 1.0 from keyutils-1.5.3 (2011-08-24)
(the keyutils version is simply appended to the original).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the unlink entry in the keyctl.1 manual page command list to indicate that
the keyring is optional.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add the rpmbuild dir to .gitignore.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
The main keyutils rpm should depend on exactly the same version of the
keyutils-libs rpm so that they get updated together.
This should fix the following complaint from RHEL rpmdiff:
Report from TEST_REQUIRES:
[VERIFY] [keyutils] Subpackage keyutils on i686 ppc s390 consumes libraries libkeyutils.so.1 libkeyutils.so.1(KEYUTILS_0.3) libkeyutils.so.1(KEYUTILS_1.0) libkeyutils.so.1(KEYUTILS_1.3) from subpackage keyutils-libs but does not have explicit package version requirement.
Please add Requires: keyutils-libs = %{version}-%{release} to keyutils in the specfile to avoid the need to test interoperability between the various combinations of old and new subpackages.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Use ptrdiff_t format spec ("%td") in printf when displaying a pointer
subtraction result rather than a size_t ("%zu") or ssize_t ("%zd") format spec
as on something like the S390 pointers are not the same size as size_t,
resulting in the following warnings:
request-key.c: In function 'execute_program':
request-key.c:583:4: error: format '%zd' expects argument of type 'signed size_t', but argument 2 has type 'int' [-Werror=format]
request-key.c: In function 'pipe_to_program':
request-key.c:841:2: error: format '%zd' expects argument of type 'signed size_t', but argument 2 has type 'int' [-Werror=format]
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
Fix the address of the FSF in the GPL licence file and add a URL to both
licence files whilst we're at it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Clean up variables that are set but not read, giving:
keyutils.c: In function 'recursive_key_scan_aux':
keyutils.c:353:46: error: variable 'is_keyring' set but not used [-Werror=unused-but-set-variable]
key.dns_resolver.c: In function 'main':
key.dns_resolver.c:643:7: error: variable 'hostbuf' set but not used [-Werror=unused-but-set-variable]
with the F16 compiler.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move to version 1.5.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Allow multiple lines in the commands[] table with same name by setting the
action function pointer to NULL for the second and subsequent entries. This
prevents the partial matcher from proclaiming ambiguity for short versions of
commands that have multiple lines ('session' and 'purge').
Also alphabetically order the commands table.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a purge command to keyctl to unlink all matching keys from the session
keyring tree that it can find. There are three cases:
(1) keyctl purge <type>
Perform a depth-first search to find all keys of this type and unlink
them.
(2) keyctl purge [-i] [-p] <type> <desc>
Perform a depth-first search to find all keys of this type and unlink them
if their description matches the specified description textually. The
caller can request a case-independent match on the description by
supplying the -i flag or a prefix match by supplying the -p flag.
(3) keyctl purge -s <type> <desc>
Repeat 'keyctl search' in all the searchable keyrings in the session
keyring tree and unlink matching keys from those keyrings. The comparison
is therefore done with the key type's comparator in the kernel and may
thus match different keys to (2).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Permit unlinking of all instances of a key in session keyring tree by not
electing not to provide a keyring ID to the unlink command. With this, the
unlink command becomes:
keyctl unlink <key> [<keyring>]
If <keyring> is given, just the link to <key> in the nominated keyring is
removed.
If <keyring> is not given, all links to <key> in the session keyring are
removed.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
A new command:
keyctl reap
will do a depth-first search of the session keyring tree looking for negative,
rejected, expired, revoked and dead keys and unlink them if possible (the
keyring containing the link has to grant Write permission to the caller).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a pair of depth-first recursive key scanning functions to the library.
The first applies the named function to all the accessible keys in the keyring
tree rooted at key:
int recursive_key_scan(key_serial_t key,
recursive_key_scanner_t func,
void *data);
The second is the same as the first, with the calling process's session
keyring as the root keyring:
int recursive_key_session_scan(recursive_key_scanner_t func,
void *data);
Both functions take a pointer to a callback function to be applied and a data
item to pass to it. The callback function should fit the following template:
typedef int (*recursive_key_scanner_t)(
key_serial_t parent, key_serial_t key,
char *desc, int desc_len,
void *data);
The parameters are: the keyring currently being scanned (parent); the key
linked to by the current slot in that keyring (key); the raw description of
that key (desc) as fetched by keyctl_describe or NULL if it couldn't be
fetched; the length of the raw description (desc_len) or -1 if
keyctl_describe_alloc() returned an error; and the data passed to whichever
scanning function was called.
Keyrings must grant View and Read permission to be iterated through. Target
keys need not grant any permissions to have the callback function applied.
The return value of the scanning functions is the sum of the return values of
the callback function applied to each key. Errors are ignored.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make the dns resolver upcall program reject (negatively instantiate with a
specific error code) unresolvable keys rather than pushing the error code to
the key type to deal with. This means that request_key() will return the
error directly.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make keyctl_instantiate_iov() fallback to keyctl_instantiate() if the kernel
does not support the op. This involves creating a contiguous buffer and
copying the data to it before handing it to the kernel.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Have keyctl_reject() fall back to keyctl_negate() if the kernel keyctl
operation is not available.
This means that request_key() will return ENOKEY rather than the specified
error if the kernel doesn't support the latter, but at least the key will be
negated.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a dns_resolver key upcall handler for looking up A and/or AAAA records.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a dns_resolver key upcall handler for looking up AFSDB records and then
using them to find A or AAAA records of AFS Volume Location servers for the
named cell.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Support the keyctl op to instantiate a key from payload data in an iovec rather
than a flat buffer, providing it as keyctl_instantiate_iov().
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Support the negate key with specific rejection error keyctl op, providing it
as keyctl_reject().
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make the specfile UTF-8 to keep rpmlint happy (one of the names in the
changelog has an accented character in it).
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add -I. to the build so that the keyutils.h in the build directory gets used in
preference to whatever's in /usr/include.
Handle Makefile variables being overridden by the specfile and discarding the
previously mentioned -I. flag.
Also chuck -Werror into the mix.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Disable the setting of RPATH in the Makefile as it prevents tests done with
LD_LIBRARY_PATH from working.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Release 1.4-4
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add Makefile rule to build an RPM from the current git HEAD branch.
Also add a distclean makefile rule that will delete the rpmbuild dir so
produced.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Make the Makefile extract version information from the specfile and the library
version script when building rather than defining it redundantly.
The specfile provides the current package version and the library version
script provides the current API version.
Also add a 'make rpm' option to build a RPMs from the HEAD version of the GIT
tree that the keyutils package is in.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
NO_GLIBC_KEYSYS is obsolete and no longer used in the C code, so remove it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Don't include $(DESTDIR) in MAN* macros in the Makefile, but rather include
it in the installation lines directly for consistency.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Programs build by this package should depend on the library built by this
package as they're linked against it.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Try to guess library directories and word size by seeing what the make program
is and uses.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Release 1.4-3
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
First of all, rpath was being set to NULL, which makes it unsafe (empty
rpath is the same as ".", letting the loader look for libraries in the
current work directory); the obvious mistake here was to use $(LIB) rather
than $(LIBDIR) (did it change over time?).
But make RPATH optional, by moving it to its own macro definition, this
allows for packagers to not use rpath at all, as it's usually not necessary
when installing in the default library paths (such as /lib).
Also, move the -L. flag at the top of the link command, so that
user-provide library search paths won't cause another libkeyutils to be
linked against.
Cc: Robin Johnson <robbat2@gentoo.org>
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Release 1.4-2
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix function prototypes in the manual pages so that they match what's in the
header file.
keyctl_instantiate(), keyctl_read_alloc() and keyctl_update() take pointers to
void buffers not char buffers.
Furthermore, keyctl_security[_alloc]() should be keyctl_get_security[_alloc]()
and should also be installed.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move to version 1.4.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the library naming to be libkeyutils.so.x.y.z, not libkeyutils-x.y.z.so as
the former is the preferred way, and the latter is only used by a few
exceptional packages, such as glibc.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Add a keyctl.3 manpage as an index for all the keyctl functions. This means
that I don't have to alter every keyutils manpage each time a new function is
added, just to update the "See Also" sections.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Spell 'specified' correctly in various manual pages.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move to version 1.3, including versioning the new functions in the library.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Fix the following compiler warnings:
request-key.c: In function 'pipe_to_program':
request-key.c:714: warning: dereferencing type-punned pointer will break strict-aliasing rules
request-key.c:715: warning: dereferencing type-punned pointer will break strict-aliasing rules
request-key.c:712: warning: dereferencing pointer 'wfds.89' does break strict-aliasing rules
request-key.c:712: note: initialized from here
request-key.c:712: warning: dereferencing pointer 'rfds.90' does break strict-aliasing rules
request-key.c:712: note: initialized from here
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
- Remove syscall manual pages (section 2) to man-pages package [BZ 203582]
- Don't write to serial port in debugging script
- Call ldconfig during (un)installation.
|
|
- Don't include the release number in the shared library filename
- Don't build static library
- More bug fixes from Fedora reviewer.
- Fix rpmlint errors
|
|
- Add build dependency on glibc-kernheaders with key management syscall
- Add data pipe-in facility for keyctl request2
- Rename library and header file "keyutil" -> "keyutils" for consistency
- Fix shared library version naming to same way as glibc.
- Add versioning for shared library symbols
- Create new keyutils-libs package and install library and main symlink there
- Install base library symlink in /usr/lib and place in devel package
- Added a keyutils archive library
- Shorten displayed key permissions list to just those we actually have
- Add data pipe-in facilities for keyctl add, update and instantiate
|
|
- Added stdint.h inclusion in keyutils.h
- Made request-key.c use request_key() rather than keyctl_search()
- Added piping facility to request-key
|
|
- Added timeout keyctl option
- request_key auth keys must now be assumed
- Fix keyctl argument ordering for debug negate line in request-key.conf
|
|
- Must invoke initialisation from perror() override in libkeyutils
- Minor UI changes
- Bump version to permit building in main repositories.
- Don't attempt to define the error codes in the header file.
- Pass the release ID through to the makefile to affect the shared library name.
- Build in the perror() override to get the key error strings displayed.
- Need a defattr directive after each files directive.
|
|
|