Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
When an upcall happens currently, either a file by the name
"/etc/request-key.d/<type>.conf" is scanned or the default file
"/etc/request-key.conf" is scanned and then the first match (including
wildcards) is selected.

Change this to read all the files in the conf directory and then read the
default file. The best rule is then chosen and executed.

"Best" is defined as the rule with the least number of characters that are
skipped by matching a wildcard (e.g. string "foo:bar" matches pattern
"foo:*" with the number of characters being skipped being 3).

Further, the operation, type, description and callout_info columns are
matched individually and in order, so that a skip of 1 in the operation
column, say, is less preferable than an exact match there and a skip of 2
in the type column.

For example, take:

    create dns_resolver afsdb:* * /sbin/key.afsdb %k
    create dns_resolver afsdb:* hello* /sbin/key.xxxx %k

if both lines match, the second one will be picked, but, on the other hand,
with:

    create dns_resolver afsdb:* * /sbin/key.afsdb %k
    creat* dns_resolver afsdb:* hello* /sbin/key.xxxx %k

the first will be picked.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dave Jiang <dave.jiang@intel.com>
Allow "-x" to be passed on the command line to the request-key program to
suppress side effects and target execution. This makes it easier to debug
the program and its configuration by allowing it to be driven from the
command line.
Signed-off-by: David Howells <dhowells@redhat.com>
Make it possible to provide keytype-specific request key configs in userspace
as /etc/request-key.d/<keytype>.conf. If present, this will be used in
preference to /etc/request-key.conf.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
The package version number and build date are stored in the library in:

    const char keyutils_version_string[];
    const char keyutils_build_string[];

And are displayable with the programs built as part of it:

    # keyctl --version
    keyctl from keyutils-1.5.3 (Built 2011-08-24)
    # request-key --version
    request-key from keyutils-1.5.3 (Built 2011-08-24)

The DNS query resolver gets extended version information as it already has its
own version number:

    # key.dns_resolver --version
    version: 1.0 from keyutils-1.5.3 (2011-08-24)

(the keyutils version is simply appended to the original).

Signed-off-by: David Howells <dhowells@redhat.com>
Use ptrdiff_t format spec ("%td") in printf when displaying a pointer
subtraction result rather than a size_t ("%zu") or ssize_t ("%zd") format spec
as on something like the S390 pointers are not the same size as size_t,
resulting in the following warnings:

    request-key.c: In function 'execute_program':
    request-key.c:583:4: error: format '%zd' expects argument of type 'signed size_t', but argument 2 has type 'int' [-Werror=format]
    request-key.c: In function 'pipe_to_program':
    request-key.c:841:2: error: format '%zd' expects argument of type 'signed size_t', but argument 2 has type 'int' [-Werror=format]

Signed-off-by: David Howells <dhowells@redhat.com>
Fix the following compiler warnings:

    request-key.c: In function 'pipe_to_program':
    request-key.c:714: warning: dereferencing type-punned pointer will break strict-aliasing rules
    request-key.c:715: warning: dereferencing type-punned pointer will break strict-aliasing rules
    request-key.c:712: warning: dereferencing pointer 'wfds.89' does break strict-aliasing rules
    request-key.c:712: note: initialized from here
    request-key.c:712: warning: dereferencing pointer 'rfds.90' does break strict-aliasing rules
    request-key.c:712: note: initialized from here

Signed-off-by: David Howells <dhowells@redhat.com>
- Add build dependency on glibc-kernheaders with key management syscall
- Add data pipe-in facility for keyctl request2
- Rename library and header file "keyutil" -> "keyutils" for consistency
- Fix shared library version naming to same way as glibc.
- Add versioning for shared library symbols
- Create new keyutils-libs package and install library and main symlink there
- Install base library symlink in /usr/lib and place in devel package
- Added a keyutils archive library
- Shorten displayed key permissions list to just those we actually have
- Add data pipe-in facilities for keyctl add, update and instantiate
- Added stdint.h inclusion in keyutils.h
- Made request-key.c use request_key() rather than keyctl_search()
- Added piping facility to request-key
- Added timeout keyctl option
- request_key auth keys must now be assumed
- Fix keyctl argument ordering for debug negate line in request-key.conf