X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/distorted-keys/blobdiff_plain/b65e1f934c6951c5943634f38ae4098573b94b0f..11c7b588618f2bddd4184def529c15d65cccefa4:/keyfunc.sh.in diff --git a/keyfunc.sh.in b/keyfunc.sh.in index aae5598..2a10f26 100644 --- a/keyfunc.sh.in +++ b/keyfunc.sh.in @@ -28,15 +28,26 @@ quis=${0##*/} ###-------------------------------------------------------------------------- ### Configuration variables. +## Automatically configured pathnames. PACKAGE="@PACKAGE@" VERSION="@VERSION@" bindir="@bindir@" -case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac - +## Read user configuration. if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi +## Maybe turn on debugging. case "${KEYS_DEBUG+t}" in t) set -x ;; esac +## Fake up caller credentials if not called via userv. +case "${USERV_USER+t}" in + t) ;; + *) USERV_USER=${LOGNAME-${USER-$(id -un)}} USERV_UID=$(id -u) ;; +esac +case "${USERV_GROUP+t}" in + t) ;; + *) USERV_GROUP=$(id -Gn) USERV_GID=$(id -gn) ;; +esac + ###-------------------------------------------------------------------------- ### Cleanup handling. @@ -133,7 +144,7 @@ check () { validp=t case "$thing" in *"$nl"*) validp=nil ;; - *) if ! expr >/dev/null "$thing" : "$ckpat\$"; then validp=nil; fi ;; + *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;; esac case $validp in nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;; @@ -227,9 +238,9 @@ defprops g_props </dev/null \ - if=/dev/${kprop_random-random} bs=1 count=${kprop_nubsz-512} | - openssl dgst -${kprop_nubhash-sha384} -binary | + if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} | + openssl dgst -${kprop_nub_hash-sha256} -binary | openssl base64 } nubid () { ## Compute a hash of the key nub in stdin, and write it to stdout in hex. - ## The property `nubidhash' is used. + ## The property `nubid_hash' is used. { echo "distorted-keys nubid"; cat -; } | - openssl dgst -${kprop_nubidhash-sha256} + openssl dgst -${kprop_nubid_hash-sha256} } subst () { @@ -327,9 +339,10 @@ subst () { } read_profile () { - profile=$1 + owner=$1 profile=$2 ## Read property settings from a profile. The PROFILE name has the form - ## [USER:]LABEL. Properties are set using `setprops' with prefix `kprop_'. + ## [USER:]LABEL; USER defaults to OWNER. Properties are set using + ## `setprops' with prefix `kprop_'. reqtmp case "$profile" in @@ -337,7 +350,7 @@ read_profile () { label=${profile#:} uservp=nil ;; *) - user=$USERV_USER label=$profile uservp=t + user=$kowner label=$profile uservp=t ;; *:*) user=${profile%%:*} label=${profile#*:} uservp=t @@ -424,16 +437,18 @@ k_verify () { notsupp verify; } prepare () { key=$1 op=$2 ## Prepare for a crypto operation OP, using the KEY. This validates the - ## key label, reads the profile, and checks the access-control list. + ## key label, reads the profile, and checks the access-control list. If OP + ## is `-' then allow the operation unconditionally. ## Find the key properties. parse_keylabel "$key" if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi readmeta $kdir - read_profile "$profile" + read_profile $kowner "$profile" ## Check whether we're allowed to do this thing. This is annoyingly ## fiddly. + case $op in -) return ;; esac eval acl=\${kprop_acl_$op-!owner} verdict=forbid while :; do @@ -474,7 +489,7 @@ prepare () { done case $verdict in - forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit ;; + forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit 1 ;; esac }