author | David Howells <dhowells@redhat.com> | 2019-08-16 12:24:52 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2019-08-19 15:40:48 +0100 |
commit | 93052ad750f2af1cc9b592005cfb95880dc44f4a (patch) | |
tree | a8e429da991cfb485058287a369db80f29eca00f | |
parent | 1274bc7020f934072f112d9a43a9db0265438a5f (diff) | |
download | keyutils-93052ad750f2af1cc9b592005cfb95880dc44f4a.tar.gz |
Add a symbolic ID to numeric ID keyctl command
Add a keyctl command to look up a symbolic key ID (such as "@s") or a named
reference (such as "%user:foo") and return the numeric ID for the key or
keyring, eg:
$ keyctl id @s
259509209
The command will also just convert numeric IDs to themselves.
Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | keyctl.c | 23 | ||||
-rw-r--r-- | man/keyctl.1 | 11 | ||||
-rw-r--r-- | tests/keyctl/id/bad-args/runtest.sh | 25 | ||||
-rw-r--r-- | tests/keyctl/id/noargs/runtest.sh | 23 | ||||
-rw-r--r-- | tests/keyctl/id/valid/runtest.sh | 68 | ||||
-rw-r--r-- | tests/toolbox.inc.sh | 26 |
6 files changed, 176 insertions, 0 deletions
@@ -26,6 +26,7 @@
 #include "keyctl.h"
 static nr void act_keyctl___version(int argc, char *argv[]);
+static nr void act_keyctl_id(int argc, char *argv[]);
 static nr void act_keyctl_show(int argc, char *argv[]);
 static nr void act_keyctl_add(int argc, char *argv[]);
 static nr void act_keyctl_padd(int argc, char *argv[]);
@@ -85,6 +86,7 @@ static const struct command commands[] = {
 { act_keyctl_dh_compute_kdf, "dh_compute_kdf", "<private> <prime> <base> <len> <hash_name>" },
 { act_keyctl_dh_compute_kdf_oi, "dh_compute_kdf_oi", "<private> <prime> <base> <len> <hash_name>" },
 { act_keyctl_get_persistent, "get_persistent", "<keyring> [<uid>]" },
+ { act_keyctl_id, "id", "<key>" },
 { act_keyctl_instantiate, "instantiate","<key> <data> <keyring>" },
 { act_keyctl_invalidate,"invalidate", "<key>" },
 { act_keyctl_link, "link", "<key> <keyring>" },
@@ -365,6 +367,27 @@ write_mask:
 /*****************************************************************************/
 /*
+ * Get a key or keyring ID.
+ */
+static void act_keyctl_id(int argc, char *argv[])
+{
+ key_serial_t key;
+
+ if (argc != 2)
+ format();
+
+ key = get_key_id(argv[1]);
+
+ key = keyctl_get_keyring_ID(key, 0);
+ if (key < 0)
+ error("keyctl_get_keyring_ID");
+
+ printf("%d\n", key);
+ exit(0);
+}
+
+/*****************************************************************************/
+/*
 * show the parent process's session keyring
 */
 static void act_keyctl_show(int argc, char *argv[])
diff --git a/man/keyctl.1 b/man/keyctl.1
index dce2549..d1008ff 100644
--- a/man/keyctl.1
+++ b/man/keyctl.1
@@ -15,6 +15,8 @@ keyctl \- key management facility control
 .br
 \fBkeyctl\fR supports [<cap> | --raw]
 .br
+\fBkeyctl\fR id [<keyring>]
+.br
 \fBkeyctl\fR show [\-x] [<keyring>]
 .br
 \fBkeyctl\fR add <type> <desc> <data> <keyring>
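Review bot: The usage string added to `commands[]` in keyctl.c, `"<key>"`, disagrees with the manual page changed in the same commit, which shows the argument as optional (`id [<keyring>]` in the synopsis and `keyctl id [<key>]` in the new section). act_keyctl_id() calls format() unless exactly one argument is given, so the mandatory form is the correct one. The brackets in man/keyctl.1 should be dropped and both places should name the argument `<key>`.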
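Review bot: The bare `0` passed to keyctl_get_keyring_ID() in act_keyctl_id() carries the command's main guarantee and should be commented. The manual text added in this commit promises an error rather than creation of a special keyring that does not exist yet, and this argument appears to be what delivers that (the new tests expect ENOKEY for @t, @p and @a). I would add `/* create=0: report an error for a missing special keyring instead of creating it */` above the call, so a later edit does not turn a read-only lookup into one that allocates keyrings. The header comment could also say that numeric IDs go through the same call and are therefore checked rather than echoed back, which the ENOKEY test on an unlinked key relies on.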
@@ -255,6 +257,15 @@ Keys can get tagged with namespace tags, allowing keys with the same type and description, but different namespaces to coexist in the same keyring. Tagging is done automatically according to the key type.
+.SS Show actual key or keyring ID
+\fBkeyctl id [<key>]\fR
+
+This command looks up the real ID of a key or keyring from the identifier
+given, which is typically a symbolic ID such as "@s" indicating the session
+keyring, but can also be a numeric ID or "%type:desc" notation. If a special
+keyring is specified that isn't created yet, an error will be given rather than
+causing that keyring to be created.
+
 .SS Show process keyrings
 \fBkeyctl show [\-x] [<keyring>]\fR
diff --git a/tests/keyctl/id/bad-args/runtest.sh b/tests/keyctl/id/bad-args/runtest.sh
new file mode 100644
index 0000000..957d1a5
--- /dev/null
+++ b/tests/keyctl/id/bad-args/runtest.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check that a bad key ID fails correctly
+marker "CHECK BAD KEY ID"
+id_key --fail 0
+expect_error EINVAL
+
+# check non-existent standard IDs
+marker "CHECK BAD IDS"
+id_key --fail2 @wwww
+id_key --fail2 @qqqq
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
diff --git a/tests/keyctl/id/noargs/runtest.sh b/tests/keyctl/id/noargs/runtest.sh
new file mode 100644
index 0000000..aff9de6
--- /dev/null
+++ b/tests/keyctl/id/noargs/runtest.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check that no arguments fails correctly
+marker "NO ARGS"
+expect_args_error keyctl id
+
+# check that one argument fails correctly
+marker "TWO ARGS"
+expect_args_error keyctl id 0 0
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
diff --git a/tests/keyctl/id/valid/runtest.sh b/tests/keyctl/id/valid/runtest.sh
new file mode 100644
index 0000000..56c2d95
--- /dev/null
+++ b/tests/keyctl/id/valid/runtest.sh
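Review bot: The comment above the second case in tests/keyctl/id/noargs/runtest.sh says `# check that one argument fails correctly`, but the marker is "TWO ARGS" and the command run is `keyctl id 0 0`. One argument is the valid form of the command, so the comment describes the opposite of what is tested. It should read `# check that two arguments fail correctly`.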
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check standard IDs
+marker "CHECK STD IDS"
+id_key --fail @t
+expect_error ENOKEY
+id_key --fail @p
+expect_error ENOKEY
+id_key @s
+id_key @u
+id_key @us
+id_key --fail @g
+expect_error EINVAL
+id_key --fail @a
+expect_error ENOKEY
+
+# create a keyring
+marker "CREATE KEYRING"
+create_keyring lizard @s
+expect_keyid keyid
+
+# check that a non-keyring ID works
+marker "CHECK NON-KEYRING KEY"
+id_key $keyid
+id_key %:lizard
+id_key --fail %:lizardx
+
+# dispose of the key we were using
+marker "UNLINK KEYRING"
+unlink_key --wait $keyid @s
+
+# check that a non-existent key ID fails correctly
+marker "CHECK NON-EXISTENT KEYRING ID"
+id_key --fail $keyid
+expect_error ENOKEY
+
+# create a non-keyring
+marker "CREATE KEY"
+create_key user lizard gizzard @s
+expect_keyid keyid
+
+# check that a non-keyring ID works
+marker "CHECK NON-KEYRING KEY"
+id_key $keyid
+id_key %user:lizard
+
+# dispose of the key we were using
+marker "UNLINK KEY"
+unlink_key --wait $keyid @s
+
+# check that a non-existent key ID fails correctly
+marker "CHECK NON-EXISTENT KEY ID"
+id_key --fail $keyid
+expect_error ENOKEY
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
index e7b9635..a281221 100644
--- a/tests/toolbox.inc.sh
+++ b/tests/toolbox.inc.sh
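Review bot: None of the successful `id_key` calls in tests/keyctl/id/valid/runtest.sh checks the ID that keyctl prints, so a lookup that resolved `%:lizard` or `%user:lizard` to the wrong key would still pass; id_key as added to toolbox.inc.sh compares only the exit status. After each name lookup the printed value could be read back and compared, for example `id_key %:lizard`, `expect_keyid resolved`, `[ "$resolved" = "$keyid" ] || failed`, assuming expect_keyid picks the ID out of the output file as it appears to do after create_keyring. The first "CHECK NON-KEYRING KEY" block follows create_keyring and is really the keyring case, so its comment and marker should say so.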
@@ -237,6 +237,32 @@ function pause_till_key_unlinked ()
 ###############################################################################
 #
+# Get the ID of a key or keyring.
+#
+###############################################################################
+function id_key ()
+{
+ my_exitval=0
+ if [ "x$1" = "x--fail" ]
+ then
+ my_exitval=1
+ shift
+ elif [ "x$1" = "x--fail2" ]
+ then
+ my_exitval=2
+ shift
+ fi
+
+ echo keyctl id "$@" >>$OUTPUTFILE
+ keyctl id "$@" >>$OUTPUTFILE 2>&1
+ if [ $? != $my_exitval ]
+ then
+ failed
+ fi
+}
+
+###############################################################################
+#
 # request a key and attach it to the new keyring
 #
 ###############################################################################
 |
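Review bot: `my_exitval` in id_key() is assigned without `local`, so it is a global shared with any other helper that uses the same name; `local my_exitval=0` would confine it to the function, unless the rest of toolbox.inc.sh deliberately keeps it global (not visible in this hunk). The status check compares strings, and `[ $? -ne $my_exitval ]` would state the numeric intent. `$OUTPUTFILE` is unquoted in both redirections and would break on a path containing spaces. The header comment should also document the `--fail` and `--fail2` options and the exit status each one expects (1 and 2).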