authorDavid Howells <dhowells@redhat.com>2019-08-16 12:24:52 +0100
committerDavid Howells <dhowells@redhat.com>2019-08-19 15:40:48 +0100
commit93052ad750f2af1cc9b592005cfb95880dc44f4a (patch)
treea8e429da991cfb485058287a369db80f29eca00f
parent1274bc7020f934072f112d9a43a9db0265438a5f (diff)
downloadkeyutils-93052ad750f2af1cc9b592005cfb95880dc44f4a.tar.gz
Add a symbolic ID to numeric ID keyctl command
Add a keyctl command to look up a symbolic key ID (such as "@s") or a named reference (such as "%user:foo") and return the numeric ID for the key or keyring, eg: $ keyctl id @s 259509209 The command will also just convert numeric IDs to themselves. Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--keyctl.c23
-rw-r--r--man/keyctl.111
-rw-r--r--tests/keyctl/id/bad-args/runtest.sh25
-rw-r--r--tests/keyctl/id/noargs/runtest.sh23
-rw-r--r--tests/keyctl/id/valid/runtest.sh68
-rw-r--r--tests/toolbox.inc.sh26
6 files changed, 176 insertions, 0 deletions
diff --git a/keyctl.c b/keyctl.c
index 362d695..7f2660e 100644
--- a/keyctl.c
+++ b/keyctl.c
@@ -26,6 +26,7 @@
#include "keyctl.h"
static nr void act_keyctl___version(int argc, char *argv[]);
+static nr void act_keyctl_id(int argc, char *argv[]);
static nr void act_keyctl_show(int argc, char *argv[]);
static nr void act_keyctl_add(int argc, char *argv[]);
static nr void act_keyctl_padd(int argc, char *argv[]);
@@ -85,6 +86,7 @@ static const struct command commands[] = {
{ act_keyctl_dh_compute_kdf, "dh_compute_kdf", "<private> <prime> <base> <len> <hash_name>" },
{ act_keyctl_dh_compute_kdf_oi, "dh_compute_kdf_oi", "<private> <prime> <base> <len> <hash_name>" },
{ act_keyctl_get_persistent, "get_persistent", "<keyring> [<uid>]" },
+ { act_keyctl_id, "id", "<key>" },
{ act_keyctl_instantiate, "instantiate","<key> <data> <keyring>" },
{ act_keyctl_invalidate,"invalidate", "<key>" },
{ act_keyctl_link, "link", "<key> <keyring>" },
@@ -365,6 +367,27 @@ write_mask:
/*****************************************************************************/
/*
+ * Get a key or keyring ID.
+ */
+static void act_keyctl_id(int argc, char *argv[])
+{
+ key_serial_t key;
+
+ if (argc != 2)
+ format();
+
+ key = get_key_id(argv[1]);
+
+ key = keyctl_get_keyring_ID(key, 0);
+ if (key < 0)
+ error("keyctl_get_keyring_ID");
+
+ printf("%d\n", key);
+ exit(0);
+}
+
+/*****************************************************************************/
+/*
* show the parent process's session keyring
*/
static void act_keyctl_show(int argc, char *argv[])
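Review bot: The argument is mandatory in this code (`if (argc != 2) format();` and the `"<key>"` usage string added to commands[]), yet the man page hunk documents it as optional in both the synopsis (`keyctl id [<keyring>]`) and the subsection heading (`keyctl id [<key>]`); both should read `keyctl id <key>` so the manual matches what the tool accepts. The `0` passed as the second argument of keyctl_get_keyring_ID is what turns an uninstantiated special keyring into a failure (the valid test expects ENOKEY for `@t` and `@p`) instead of silently creating it, which the man page text describes but nothing beside the call records; a comment such as `/* create=0: a missing special keyring is an error, not a side-effect creation */` above the call would keep that intent visible. Reusing `key` for both the parsed reference and the resolved ID also makes the error message after the second assignment slightly harder to read; `key_serial_t ref = get_key_id(argv[1]); key = keyctl_get_keyring_ID(ref, 0);` separates the two steps.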
diff --git a/man/keyctl.1 b/man/keyctl.1
index dce2549..d1008ff 100644
--- a/man/keyctl.1
+++ b/man/keyctl.1
@@ -15,6 +15,8 @@ keyctl \- key management facility control
.br
\fBkeyctl\fR supports [<cap> | --raw]
.br
+\fBkeyctl\fR id [<keyring>]
+.br
\fBkeyctl\fR show [\-x] [<keyring>]
.br
\fBkeyctl\fR add <type> <desc> <data> <keyring>
@@ -255,6 +257,15 @@ Keys can get tagged with namespace tags, allowing keys with the same type and
description, but different namespaces to coexist in the same keyring. Tagging
is done automatically according to the key type.
+.SS Show actual key or keyring ID
+\fBkeyctl id [<key>]\fR
+
+This command looks up the real ID of a key or keyring from the identifier
+given, which is typically a symbolic ID such as "@s" indicating the session
+keyring, but can also be a numeric ID or "%type:desc" notation. If a special
+keyring is specified that isn't created yet, an error will be given rather than
+causing that keyring to be created.
+
.SS Show process keyrings
\fBkeyctl show [\-x] [<keyring>]\fR
diff --git a/tests/keyctl/id/bad-args/runtest.sh b/tests/keyctl/id/bad-args/runtest.sh
new file mode 100644
index 0000000..957d1a5
--- /dev/null
+++ b/tests/keyctl/id/bad-args/runtest.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check that a bad key ID fails correctly
+marker "CHECK BAD KEY ID"
+id_key --fail 0
+expect_error EINVAL
+
+# check non-existent standard IDs
+marker "CHECK BAD IDS"
+id_key --fail2 @wwww
+id_key --fail2 @qqqq
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
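Review bot: The two `id_key --fail2 @wwww` / `id_key --fail2 @qqqq` checks verify only the exit status; unlike the `id_key --fail 0` case they are not followed by an `expect_error`, so any failure that happens to exit with status 2 would pass. If the exit-2 path is keyctl's own reference parser rejecting an unknown `@`-name before any syscall is made (the `--fail2` distinction suggests that, but the parser is outside this diff), a comment above `marker "CHECK BAD IDS"` such as `# unknown @-names are rejected by keyctl's own parser (exit 2), so there is no errno to check` would make the omission deliberate rather than look like a forgotten check.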
diff --git a/tests/keyctl/id/noargs/runtest.sh b/tests/keyctl/id/noargs/runtest.sh
new file mode 100644
index 0000000..aff9de6
--- /dev/null
+++ b/tests/keyctl/id/noargs/runtest.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check that no arguments fails correctly
+marker "NO ARGS"
+expect_args_error keyctl id
+
+# check that one argument fails correctly
+marker "TWO ARGS"
+expect_args_error keyctl id 0 0
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
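Review bot: The comment `# check that one argument fails correctly` does not match the command beneath it, which passes two arguments (`keyctl id 0 0`) and is labelled `marker "TWO ARGS"`; it should read `# check that two arguments fail correctly`. The case that one argument succeeds is covered by the valid test, so nothing else is missing here.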
diff --git a/tests/keyctl/id/valid/runtest.sh b/tests/keyctl/id/valid/runtest.sh
new file mode 100644
index 0000000..56c2d95
--- /dev/null
+++ b/tests/keyctl/id/valid/runtest.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+
+# ---- do the actual testing ----
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# check standard IDs
+marker "CHECK STD IDS"
+id_key --fail @t
+expect_error ENOKEY
+id_key --fail @p
+expect_error ENOKEY
+id_key @s
+id_key @u
+id_key @us
+id_key --fail @g
+expect_error EINVAL
+id_key --fail @a
+expect_error ENOKEY
+
+# create a keyring
+marker "CREATE KEYRING"
+create_keyring lizard @s
+expect_keyid keyid
+
+# check that a non-keyring ID works
+marker "CHECK NON-KEYRING KEY"
+id_key $keyid
+id_key %:lizard
+id_key --fail %:lizardx
+
+# dispose of the key we were using
+marker "UNLINK KEYRING"
+unlink_key --wait $keyid @s
+
+# check that a non-existent key ID fails correctly
+marker "CHECK NON-EXISTENT KEYRING ID"
+id_key --fail $keyid
+expect_error ENOKEY
+
+# create a non-keyring
+marker "CREATE KEY"
+create_key user lizard gizzard @s
+expect_keyid keyid
+
+# check that a non-keyring ID works
+marker "CHECK NON-KEYRING KEY"
+id_key $keyid
+id_key %user:lizard
+
+# dispose of the key we were using
+marker "UNLINK KEY"
+unlink_key --wait $keyid @s
+
+# check that a non-existent key ID fails correctly
+marker "CHECK NON-EXISTENT KEY ID"
+id_key --fail $keyid
+expect_error ENOKEY
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result
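Review bot: None of the successful `id_key` calls verify the value printed, only that the command exited 0, so a lookup that resolved to the wrong key would pass; `id_key $keyid` is the natural place to pin it, and if `expect_keyid` accepts an expected value as its second argument (it appears to, but its definition is outside this diff) `expect_keyid id $keyid` after that line would do. The comment and marker `# check that a non-keyring ID works` / `marker "CHECK NON-KEYRING KEY"` in the keyring section were copied from the key section and should say `# check that a keyring ID works` / `marker "CHECK KEYRING"`. `id_key --fail %:lizardx` is also the only `--fail` case not followed by an `expect_error`; the errno for a failed `%type:desc` search is not shown here, so add the matching `expect_error` once it is confirmed (the numeric non-existent case expects ENOKEY).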
diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
index e7b9635..a281221 100644
--- a/tests/toolbox.inc.sh
+++ b/tests/toolbox.inc.sh
@@ -237,6 +237,32 @@ function pause_till_key_unlinked ()
###############################################################################
#
+# Get the ID of a key or keyring.
+#
+###############################################################################
+function id_key ()
+{
+ my_exitval=0
+ if [ "x$1" = "x--fail" ]
+ then
+ my_exitval=1
+ shift
+ elif [ "x$1" = "x--fail2" ]
+ then
+ my_exitval=2
+ shift
+ fi
+
+ echo keyctl id "$@" >>$OUTPUTFILE
+ keyctl id "$@" >>$OUTPUTFILE 2>&1
+ if [ $? != $my_exitval ]
+ then
+ failed
+ fi
+}
+
+###############################################################################
+#
# request a key and attach it to the new keyring
#
###############################################################################
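Review bot: The header comment `# Get the ID of a key or keyring.` does not explain the two option flags, which the callers in tests/keyctl/id rely on; expand it to `# id_key [--fail|--fail2] <key>: run "keyctl id"; --fail expects exit status 1 (a keyctl error, check errno with expect_error), --fail2 expects exit status 2`, noting that the meaning of status 2 should be confirmed against keyctl.c since it is not visible in this diff. `if [ $? != $my_exitval ]` compares two integers as strings; `-ne` is the conventional test and avoids a surprise if either side ever carries leading zeros, though both values are plain digits here. `my_exitval` is not declared `local`, which looks consistent with the other helpers in this file but means it leaks into the caller's scope.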