keyfunc.sh.in (prepare): Indicate that an ACL check isn't necessary.

author Mark Wooding <mdw@distorted.org.uk>

Sun, 25 Dec 2011 23:46:39 +0000 (23:46 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Mon, 26 Dec 2011 00:08:44 +0000 (00:08 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Sun, 25 Dec 2011 23:46:39 +0000 (23:46 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Mon, 26 Dec 2011 00:08:44 +0000 (00:08 +0000)
diff --git a/keyfunc.sh.in b/keyfunc.sh.in

index bad5af12a755ffd883e8b1a37012211790a0d6f8..f134198afcbbf8d56ae02bfa097f5b3131780aec 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -426,7 +426,8 @@ k_verify () { notsupp verify; }
  prepare () {
    key=$1 op=$2
    ## Prepare for a crypto operation OP, using the KEY.  This validates the
  prepare () {
    key=$1 op=$2
    ## Prepare for a crypto operation OP, using the KEY.  This validates the
-  ## key label, reads the profile, and checks the access-control list.
+  ## key label, reads the profile, and checks the access-control list.  If OP
+  ## is `-' then allow the operation unconditionally.
  
    ## Find the key properties.
    parse_keylabel "$key"
  
    ## Find the key properties.
    parse_keylabel "$key"
@@ -436,6 +437,7 @@ prepare () {
  
    ## Check whether we're allowed to do this thing.  This is annoyingly
    ## fiddly.
  
    ## Check whether we're allowed to do this thing.  This is annoyingly
    ## fiddly.
+  case $op in -) return ;; esac
    eval acl=\${kprop_acl_$op-!owner}
    verdict=forbid
    while :; do
    eval acl=\${kprop_acl_$op-!owner}
    verdict=forbid
    while :; do
author	Mark Wooding <mdw@distorted.org.uk>
	Sun, 25 Dec 2011 23:46:39 +0000 (23:46 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Mon, 26 Dec 2011 00:08:44 +0000 (00:08 +0000)