Make it possible to provide keytype-specific request key configs

Make it possible to provide keytype-specific request key configs in userspace as /etc/request-key.d/<keytype>.conf. If present, this will be used in preference to /etc/request-key.conf. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com>
author: David Howells <dhowells@redhat.com> 2011-11-15 20:45:11 +0000
committer: David Howells <dhowells@redhat.com> 2011-11-15 20:45:11 +0000
commit: d9f9beeaca6882563bf5085650d6d9ce6ca81398 (patch)
tree: 41d5102f5d21e17de211fdab20f42b2f79740fed /request-key.c
parent: 38604366dbe30f9ab3a57112c4b143df2dbd04a5 (diff)
download: keyutils-d9f9beeaca6882563bf5085650d6d9ce6ca81398.tar.gz
1 files changed, 48 insertions, 33 deletions
diff --git a/request-key.c b/request-key.c
index ade1cea..3762e9a 100644
--- a/request-key.c
+++ b/request-key.c
@@ -40,6 +40,7 @@ static char *xgid;
 static char *xthread_keyring;
 static char *xprocess_keyring;
 static char *xsession_keyring;
+static char conffile[256];
 static int confline;
 static int norecurse;
 
@@ -115,6 +116,9 @@ static void error(const char *fmt, ...)
 	exit(1);
 }
 
+#define file_error(FMT, ...)  error("%s: "FMT, conffile, ## __VA_ARGS__)
+#define line_error(FMT, ...)  error("%s:%d: "FMT, conffile, confline, ## __VA_ARGS__)
+
 static void oops(int x)
 {
 	error("Died on signal %d", x);
@@ -262,21 +266,42 @@ static void lookup_action(char *op,
 	cilen = strlen(callout_info);
 
 	/* search the config file for a command to run */
-	conf = fopen(xdebug < 2 ? "/etc/request-key.conf" : "request-key.conf", "r");
+	if (strlen(ktype) <= sizeof(conffile) - 30) {
+		if (xdebug < 2)
+			snprintf(conffile, sizeof(conffile) - 1,
+				 "/etc/request-key.d/%s.conf", ktype);
+		else
+			snprintf(conffile, sizeof(conffile) - 1,
+				 "request-key.d/%s.conf", ktype);
+		conf = fopen(conffile, "r");
+		if (conf)
+			goto opened_conf_file;
+		if (errno != ENOENT)
+			error("Cannot open %s: %m\n", conffile);
+	}
+
+	if (xdebug < 2)
+		snprintf(conffile, sizeof(conffile) - 1, "/etc/request-key.conf");
+	else
+		snprintf(conffile, sizeof(conffile) - 1, "request-key.conf");
+	conf = fopen(conffile, "r");
 	if (!conf)
-		error("Cannot open /etc/request-key.conf: %m\n");
+		error("Cannot open %s: %m\n", conffile);
+
+opened_conf_file:
+	debug("Opened config file '%s'\n", conffile);
 
 	for (confline = 1;; confline++) {
 		/* read the file line-by-line */
 		if (!fgets(buf, sizeof(buf), conf)) {
 			if (feof(conf))
 				error("Cannot find command to construct key %d\n", key);
-			error("Error reading /etc/request-key.conf\n");
+			file_error("error %m\n");
 		}
 
 		len = strlen(buf);
 		if (len >= sizeof(buf) - 2)
-			error("/etc/request-key.conf:%d: Line too long\n", confline);
+			line_error("Line too long\n");
 
 		/* ignore blank lines and comments */
 		if (len == 1 || buf[0] == '#' || isspace(buf[0]))
@@ -345,7 +370,7 @@ static void lookup_action(char *op,
 
 		p++;
 
-		debug("Line %d matches\n", confline);
+		debug("%s:%d: Line matches\n", conffile, confline);
 
 		/* we've got an action */
 		while (isspace(*p)) p++;
@@ -357,10 +382,10 @@ static void lookup_action(char *op,
 		execute_program(op, key, ktype, kdesc, callout_info, p);
 	}
 
-	error("/etc/request-key.conf: No matching action\n");
+	file_error("No matching action\n");
 
 syntax_error:
-	error("/etc/request-key.conf:%d: Syntax error\n", confline);
+	line_error("Syntax error\n");
 
 } /* end lookup_action() */
 
@@ -457,7 +482,7 @@ static void execute_program(char *op,
 	prog = p = cmdline;
 	while (*p && !isspace(*p)) p++;
 //	if (!*p)
-//		error("/etc/request-key.conf:%d: No command path\n", confline);
+//		line_error("No command path\n");
 //	*p++ = 0;
 	if (*p)
 		*p++ = 0;
@@ -471,7 +496,7 @@ static void execute_program(char *op,
 			break;
 
 		if (argc >= 254)
-			error("/etc/request-key.conf:%d: Too many arguments\n", confline);
+			line_error("Too many arguments\n");
 		argv[argc] = q = p;
 
 		while (*p && !isspace(*p)) p++;
@@ -489,7 +514,7 @@ static void execute_program(char *op,
 		/* it's a macro */
 		q++;
 		if (!*q)
-			error("/etc/request-key.conf:%d: Missing macro name\n", confline);
+			line_error("Missing macro name\n");
 
 		if (*q == '%') {
 			/* it's actually an anti-macro escape "%%..." -> "%..." */
@@ -511,7 +536,7 @@ static void execute_program(char *op,
 			case 'P': argv[argc] = xprocess_keyring;	continue;
 			case 'S': argv[argc] = xsession_keyring;	continue;
 			default:
-				error("/etc/request-key.conf:%d: Unsupported macro\n", confline);
+				line_error("Unsupported macro\n");
 			}
 		}
 
@@ -526,50 +551,40 @@ static void execute_program(char *op,
 			q++;
 			ksdesc = strchr(q, ':');
 			if (!ksdesc)
-				error("/etc/request-key.conf:%d: Keysub macro lacks ':'\n",
-				      confline);
+				line_error("Keysub macro lacks ':'\n");
 			*ksdesc++ = 0;
 			end = strchr(ksdesc, '}');
 			if (!end)
-				error("/etc/request-key.conf:%d: Unterminated keysub macro\n",
-				      confline);
+				line_error("Unterminated keysub macro\n");
 
 			*end++ = 0;
 			if (*end)
-				error("/etc/request-key.conf:%d:"
-				      " Keysub macro has trailing rubbish\n",
-				      confline);
+				line_error("Keysub macro has trailing rubbish\n");
 
 			debug("Keysub: %s key \"%s\"\n", q, ksdesc);
 
 			if (!q[0])
-				error("/etc/request-key.conf:%d: Keysub type empty\n", confline);
+				line_error("Keysub type empty\n");
 
 			if (!ksdesc[0])
-				error("/etc/request-key.conf:%d: Keysub description empty\n",
-				      confline);
+				line_error("Keysub description empty\n");
 
 			/* look up the key in the requestor's keyrings, but fail immediately if the
 			 * key is not found rather than invoking /sbin/request-key again
 			 */
 			keysub = request_key(q, ksdesc, NULL, 0);
 			if (keysub < 0)
-				error("/etc/request-key.conf:%d:"
-				      " Keysub key not found: %m\n",
-				      confline);
+				line_error("Keysub key not found: %m\n");
 
 			ret = keyctl_read_alloc(keysub, &tmp);
 			if (ret < 0)
-				error("/etc/request-key.conf:%d:"
-				      " Can't read keysub %d data: %m\n",
-				      confline, keysub);
+				line_error("Can't read keysub %d data: %m\n", keysub);
 			subdata = tmp;
 
 			for (loop = 0; loop < ret; loop++)
 				if (!isprint(subdata[loop]))
-					error("/etc/request-key.conf:%d:"
-					      " keysub %d data not printable ('%02hhx')\n",
-					      confline, keysub, subdata[loop]);
+					error("keysub %d data not printable ('%02hhx')\n",
+					      keysub, subdata[loop]);
 
 			argv[argc] = subdata;
 			continue;
@@ -577,7 +592,7 @@ static void execute_program(char *op,
 	}
 
 	if (argc == 0)
-		error("/etc/request-key.conf:%d: No arguments\n", confline);
+		line_error("No arguments\n");
 
 	argv[argc] = NULL;
 
@@ -602,7 +617,7 @@ static void execute_program(char *op,
 	/* attempt to execute the command */
 	execv(prog, argv);
 
-	error("/etc/request-key.conf:%d: Failed to execute '%s': %m\n", confline, prog);
+	line_error("Failed to execute '%s': %m\n", prog);
 
 } /* end execute_program() */
 
@@ -646,7 +661,7 @@ static void pipe_to_program(char *op,
 		close(epi[1]);
 
 		execv(prog, argv);
-		error("/etc/request-key.conf:%d: Failed to execute '%s': %m\n", confline, prog);
+		line_error("Failed to execute '%s': %m\n", prog);
 	}
 
 	/* parent process */
author	David Howells <dhowells@redhat.com>	2011-11-15 20:45:11 +0000
committer	David Howells <dhowells@redhat.com>	2011-11-15 20:45:11 +0000
commit	d9f9beeaca6882563bf5085650d6d9ce6ca81398 (patch)
tree	41d5102f5d21e17de211fdab20f42b2f79740fed /request-key.c
parent	38604366dbe30f9ab3a57112c4b143df2dbd04a5 (diff)
download	keyutils-d9f9beeaca6882563bf5085650d6d9ce6ca81398.tar.gz