keyutils 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +41 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/keyutils.gemspec +28 -0
- data/lib/keyutils.rb +11 -0
- data/lib/keyutils/key.rb +572 -0
- data/lib/keyutils/key_perm.rb +49 -0
- data/lib/keyutils/key_types.rb +24 -0
- data/lib/keyutils/keyring.rb +527 -0
- data/lib/keyutils/lib.rb +433 -0
- data/lib/keyutils/version.rb +3 -0
- metadata +132 -0
data/lib/keyutils/lib.rb
ADDED
@@ -0,0 +1,433 @@
|
|
1
|
+
require 'ffi'
|
2
|
+
|
3
|
+
module Keyutils
|
4
|
+
module Lib
|
5
|
+
extend FFI::Library
|
6
|
+
@@lib = (ffi_lib %w(keyutils keyutils.so.1)).first
|
7
|
+
|
8
|
+
def self.attach_text_string name
|
9
|
+
val = @@lib.find_variable(name.to_s).get_string 0
|
10
|
+
singleton_class.send :define_method, name, ->() { val }
|
11
|
+
end
|
12
|
+
|
13
|
+
attach_text_string :keyutils_version_string
|
14
|
+
attach_text_string :keyutils_build_string
|
15
|
+
|
16
|
+
# When used on return values, raises a system call error if -1
|
17
|
+
module KeySerialConverter
|
18
|
+
extend FFI::DataConverter
|
19
|
+
native_type FFI::Type::INT32
|
20
|
+
|
21
|
+
def self.from_native val, ctx
|
22
|
+
fail SystemCallError, FFI.errno, caller if val == -1
|
23
|
+
super
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
# key serial number
|
28
|
+
typedef KeySerialConverter, :key_serial_t
|
29
|
+
|
30
|
+
# special process keyring shortcut IDs
|
31
|
+
KEY_SPEC = {
|
32
|
+
THREAD_KEYRING: -1, # key ID for thread-specific keyring
|
33
|
+
PROCESS_KEYRING: -2, # key ID for process-specific keyring
|
34
|
+
SESSION_KEYRING: -3, # key ID for session-specific keyring
|
35
|
+
USER_KEYRING: -4, # key ID for UID-specific keyring
|
36
|
+
USER_SESSION_KEYRING: -5, # key ID for UID-session keyring
|
37
|
+
GROUP_KEYRING: -6, # key ID for GID-specific keyring
|
38
|
+
REQKEY_AUTH_KEY: -7 # key ID for assumed request_key auth key
|
39
|
+
}
|
40
|
+
|
41
|
+
# request-key default keyrings
|
42
|
+
KEY_REQKEY_DEFL = {
|
43
|
+
NO_CHANGE: -1,
|
44
|
+
DEFAULT: 0,
|
45
|
+
THREAD_KEYRING: 1,
|
46
|
+
PROCESS_KEYRING: 2,
|
47
|
+
SESSION_KEYRING: 3,
|
48
|
+
USER_KEYRING: 4,
|
49
|
+
USER_SESSION_KEYRING: 5,
|
50
|
+
GROUP_KEYRING: 6
|
51
|
+
}
|
52
|
+
|
53
|
+
# key handle permissions mask
|
54
|
+
typedef :uint32, :key_perm_t
|
55
|
+
|
56
|
+
# keyctl commands
|
57
|
+
KEYCTL = {
|
58
|
+
GET_KEYRING_ID: 0, # ask for a keyring's ID
|
59
|
+
JOIN_SESSION_KEYRING: 1, # join or start named session keyring
|
60
|
+
UPDATE: 2, # update a key
|
61
|
+
REVOKE: 3, # revoke a key
|
62
|
+
CHOWN: 4, # set ownership of a key
|
63
|
+
SETPERM: 5, # set perms on a key
|
64
|
+
DESCRIBE: 6, # describe a key
|
65
|
+
CLEAR: 7, # clear contents of a keyring
|
66
|
+
LINK: 8, # link a key into a keyring
|
67
|
+
UNLINK: 9, # unlink a key from a keyring
|
68
|
+
SEARCH: 10, # search for a key in a keyring
|
69
|
+
READ: 11, # read a key or keyring's contents
|
70
|
+
INSTANTIATE: 12, # instantiate a partially constructed key
|
71
|
+
NEGATE: 13, # negate a partially constructed key
|
72
|
+
SET_REQKEY_KEYRING: 14, # set default request-key keyring
|
73
|
+
SET_TIMEOUT: 15, # set timeout on a key
|
74
|
+
ASSUME_AUTHORITY: 16, # assume authority to instantiate key
|
75
|
+
GET_SECURITY: 17, # get key security label
|
76
|
+
SESSION_TO_PARENT: 18, # set my session keyring on my parent process
|
77
|
+
REJECT: 19, # reject a partially constructed key
|
78
|
+
INSTANTIATE_IOV: 20, # instantiate a partially constructed key
|
79
|
+
INVALIDATE: 21, # invalidate a key
|
80
|
+
GET_PERSISTENT: 22 # get a user's persistent keyring
|
81
|
+
}
|
82
|
+
|
83
|
+
# Attach a C function that can raise error (eg. through return type
|
84
|
+
# converter), allowing to provide errorclass => description map
|
85
|
+
def self.attach_function fname, *a, errors: {}, **kwargs
|
86
|
+
function = FFI::Library.instance_method(:attach_function).bind(self).call fname, *a, **kwargs
|
87
|
+
singleton_class.send :define_method, fname, ->(*a) do
|
88
|
+
begin
|
89
|
+
function.call *a
|
90
|
+
rescue Exception => e
|
91
|
+
msg = errors[e.class] || e.message
|
92
|
+
call = caller_locations(2, 1).first
|
93
|
+
call_desc = "#{call.absolute_path}:#{call.lineno}:in `#{fname}'"
|
94
|
+
raise e, msg, [call_desc] + caller(2)
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
include Errno
|
100
|
+
|
101
|
+
#
|
102
|
+
# syscall wrappers
|
103
|
+
#
|
104
|
+
|
105
|
+
# extern key_serial_t add_key(const char *type,
|
106
|
+
# const char *description,
|
107
|
+
# const void *payload,
|
108
|
+
# size_t plen,
|
109
|
+
# key_serial_t ringid);
|
110
|
+
attach_function :add_key, [:string, :string, :pointer, :size_t, :key_serial_t], :key_serial_t, errors: {
|
111
|
+
ENOKEY => "The keyring doesn't exist",
|
112
|
+
EKEYEXPIRED => "The keyring has expired",
|
113
|
+
EKEYREVOKED => "The keyring has been revoked",
|
114
|
+
EINVAL => "The payload data was invalid",
|
115
|
+
ENOMEM => "Insufficient memory to create a key",
|
116
|
+
EDQUOT => "The key quota for this user would be exceeded by " \
|
117
|
+
"creating this key or linking it to the keyring",
|
118
|
+
EACCES => "The keyring wasn't available for modification by the user",
|
119
|
+
ENODEV => "The key type was invalid"
|
120
|
+
}
|
121
|
+
|
122
|
+
# extern key_serial_t request_key(const char *type,
|
123
|
+
# const char *description,
|
124
|
+
# const char *callout_info,
|
125
|
+
# key_serial_t destringid);
|
126
|
+
attach_function :request_key, [:string, :string, :string, :key_serial_t], :key_serial_t, errors: {
|
127
|
+
EACCES => "The keyring wasn't available for modification by the user",
|
128
|
+
EINTR => "The request was interrupted by a signal",
|
129
|
+
EDQUOT => "The key quota for this user would be exceeded by creating this key or linking it to the keyring",
|
130
|
+
EKEYEXPIRED => "An expired key was found, but no replacement could be obtained",
|
131
|
+
EKEYREJECTED => "The attempt to generate a new key was rejected",
|
132
|
+
EKEYREVOKED => "A revoked key was found, but no replacement could be obtained",
|
133
|
+
ENOMEM => "Insufficient memory to create a key",
|
134
|
+
ENOKEY => "No matching key was found"
|
135
|
+
}
|
136
|
+
|
137
|
+
# extern long keyctl(int cmd, ...);
|
138
|
+
attach_function :keyctl, [:int, :varargs], :long
|
139
|
+
|
140
|
+
#
|
141
|
+
# keyctl function wrappers
|
142
|
+
#
|
143
|
+
|
144
|
+
# extern key_serial_t keyctl_get_keyring_ID(key_serial_t id, int create);
|
145
|
+
attach_function :keyctl_get_keyring_ID, [:key_serial_t, :bool], :key_serial_t, errors: {
|
146
|
+
ENOKEY => "No matching key was found",
|
147
|
+
ENOMEM => "Insufficient memory to create a key",
|
148
|
+
EDQUOT => "The key quota for this user would be exceeded by creating "\
|
149
|
+
"this key or linking it to the keyring"
|
150
|
+
}
|
151
|
+
|
152
|
+
# extern key_serial_t keyctl_join_session_keyring(const char *name);
|
153
|
+
attach_function :keyctl_join_session_keyring, [:string], :key_serial_t, errors: {
|
154
|
+
ENOMEM => "Insufficient memory to create a key",
|
155
|
+
EDQUOT => "The key quota for this user would be exceeded by creating "\
|
156
|
+
"this key or linking it to the keyring",
|
157
|
+
EACCES => "The named keyring exists, but is not searchable by the "\
|
158
|
+
"calling process"
|
159
|
+
}
|
160
|
+
|
161
|
+
module NonnegativeOrErrorLongConverter
|
162
|
+
extend FFI::DataConverter
|
163
|
+
native_type FFI::Type::LONG
|
164
|
+
|
165
|
+
def self.from_native val, ctx
|
166
|
+
fail SystemCallError, FFI.errno, caller if val == -1
|
167
|
+
super
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
typedef NonnegativeOrErrorLongConverter, :long_e
|
172
|
+
|
173
|
+
# extern long keyctl_update(key_serial_t id, const void *payload, size_t plen);
|
174
|
+
attach_function \
|
175
|
+
:keyctl_update,
|
176
|
+
[:key_serial_t, :pointer, :size_t],
|
177
|
+
:long_e,
|
178
|
+
errors: {
|
179
|
+
ENOKEY => "The key specified is invalid",
|
180
|
+
EKEYEXPIRED => "The key specified has expired",
|
181
|
+
EKEYREVOKED => "The key specified had been revoked",
|
182
|
+
EINVAL => "The payload data was invalid",
|
183
|
+
ENOMEM => "Insufficient memory to store the new payload",
|
184
|
+
EDQUOT => "The key quota for this user would be exceeded by increasing the size of the key to accommodate the new payload",
|
185
|
+
EACCES => "The key exists, but is not writable by the calling process",
|
186
|
+
EOPNOTSUPP => "The key type does not support the update operation on its keys",
|
187
|
+
}
|
188
|
+
|
189
|
+
# extern long keyctl_revoke(key_serial_t id);
|
190
|
+
attach_function \
|
191
|
+
:keyctl_revoke,
|
192
|
+
[:key_serial_t],
|
193
|
+
:long_e,
|
194
|
+
errors: {
|
195
|
+
ENOKEY => "The specified key does not exist",
|
196
|
+
EKEYREVOKED => "The key has already been revoked",
|
197
|
+
EACCES => "The named key exists, but is not writable by the calling process",
|
198
|
+
}
|
199
|
+
|
200
|
+
# extern long keyctl_chown(key_serial_t id, uid_t uid, gid_t gid);
|
201
|
+
attach_function \
|
202
|
+
:keyctl_chown,
|
203
|
+
[:key_serial_t, :uid_t, :gid_t],
|
204
|
+
:long_e,
|
205
|
+
errors: {
|
206
|
+
ENOKEY => "The specified key does not exist",
|
207
|
+
EKEYEXPIRED => "The specified key has expired",
|
208
|
+
EKEYREVOKED => "The specified key has been revoked",
|
209
|
+
EDQUOT => "Changing the UID to the one specified would run that UID "\
|
210
|
+
"out of quota",
|
211
|
+
}
|
212
|
+
|
213
|
+
# extern long keyctl_setperm(key_serial_t id, key_perm_t perm);
|
214
|
+
attach_function :keyctl_setperm, [:key_serial_t, :key_perm_t], :long_e, errors: {
|
215
|
+
ENOKEY => "The specified key does not exist",
|
216
|
+
EKEYEXPIRED => "The specified key has expired",
|
217
|
+
EKEYREVOKED => "The specified key has been revoked",
|
218
|
+
EACCES => "The named key exists, but does not grant setattr permission "\
|
219
|
+
"to the calling process",
|
220
|
+
}
|
221
|
+
|
222
|
+
# extern long keyctl_describe(key_serial_t id, char *buffer, size_t buflen);
|
223
|
+
attach_function :keyctl_describe, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
224
|
+
ENOKEY => "The key specified is invalid",
|
225
|
+
EKEYEXPIRED => "The key specified has expired",
|
226
|
+
EKEYREVOKED => "The key specified had been revoked",
|
227
|
+
EACCES => "The key exists, but is not viewable by the calling process"
|
228
|
+
}
|
229
|
+
|
230
|
+
# extern long keyctl_clear(key_serial_t ringid);
|
231
|
+
attach_function :keyctl_clear, [:key_serial_t], :long_e, errors: {
|
232
|
+
ENOKEY => "The keyring specified is invalid",
|
233
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
234
|
+
EKEYREVOKED => "The keyring specified had been revoked",
|
235
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
236
|
+
}
|
237
|
+
|
238
|
+
# extern long keyctl_link(key_serial_t id, key_serial_t ringid);
|
239
|
+
attach_function :keyctl_link, [:key_serial_t, :key_serial_t], :long_e, errors: {
|
240
|
+
ENOKEY => "The key or the keyring specified are invalid",
|
241
|
+
EKEYEXPIRED => "The key or the keyring specified have expired",
|
242
|
+
EKEYREVOKED => "The key or the keyring specified have been revoked",
|
243
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
244
|
+
ENOMEM => "Insufficient memory to expand the keyrin",
|
245
|
+
EDQUOT => "Expanding the keyring would exceed the keyring owner's quota",
|
246
|
+
EACCES => "The key exists, but is not linkable by the calling process"
|
247
|
+
}
|
248
|
+
|
249
|
+
# extern long keyctl_unlink(key_serial_t id, key_serial_t ringid);
|
250
|
+
attach_function :keyctl_unlink, [:key_serial_t, :key_serial_t], :long_e, errors: {
|
251
|
+
ENOKEY => "The key or the keyring specified are invalid",
|
252
|
+
EKEYEXPIRED => "The key or the keyring specified have expired",
|
253
|
+
EKEYREVOKED => "The key or the keyring specified have been revoked",
|
254
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
255
|
+
}
|
256
|
+
|
257
|
+
# extern long keyctl_search(key_serial_t ringid,
|
258
|
+
# const char *type,
|
259
|
+
# const char *description,
|
260
|
+
# key_serial_t destringid);
|
261
|
+
attach_function :keyctl_search, [:key_serial_t, :string, :string, :key_serial_t], :long_e, errors: {
|
262
|
+
ENOKEY => "One of the keyrings doesn't exist, no key was found by the "\
|
263
|
+
"search, or the only key found by the search was a negative key",
|
264
|
+
ENOTDIR => "One of the keyrings is a valid key that isn't a keyring",
|
265
|
+
EKEYEXPIRED => "One of the keyrings has expired, or the only key found "\
|
266
|
+
"was expired",
|
267
|
+
EKEYREVOKED => "One of the keyrings has been revoked, or the only key "\
|
268
|
+
"found was revoked",
|
269
|
+
ENOMEM => "Insufficient memory to expand the destination keyring",
|
270
|
+
EDQUOT => "The key quota for this user would be exceeded by creating a "\
|
271
|
+
"link to the found key in the destination keyring",
|
272
|
+
EACCES => "The source keyring didn't grant search permission, the "\
|
273
|
+
"destination keyring didn't grant write permission or the found key "\
|
274
|
+
"didn't grant link permission to the caller"
|
275
|
+
}
|
276
|
+
|
277
|
+
# extern long keyctl_read(key_serial_t id, char *buffer, size_t buflen);
|
278
|
+
attach_function :keyctl_read, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
279
|
+
ENOKEY => "The key specified is invalid",
|
280
|
+
EKEYEXPIRED => "The key specified has expired",
|
281
|
+
EKEYREVOKED => "The key specified had been revoked",
|
282
|
+
EACCES => "The key exists, but is not readable by the calling process",
|
283
|
+
EOPNOTSUPP => "The key type does not support reading of the payload data"
|
284
|
+
}
|
285
|
+
|
286
|
+
# extern long keyctl_instantiate(key_serial_t id,
|
287
|
+
# const void *payload,
|
288
|
+
# size_t plen,
|
289
|
+
# key_serial_t ringid);
|
290
|
+
attach_function :keyctl_instantiate, [:key_serial_t, :pointer, :size_t, :key_serial_t], :long_e, errors: {
|
291
|
+
ENOKEY => "The key or keyring specified is invalid",
|
292
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
293
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
294
|
+
"authorisation has been revoked",
|
295
|
+
EINVAL => "The payload data was invalid",
|
296
|
+
ENOMEM => "Insufficient memory to store the new payload or to expand "\
|
297
|
+
"the destination keyring",
|
298
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
299
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
300
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
301
|
+
"destination keyring",
|
302
|
+
EACCES => "The key exists, but is not writable by the requester",
|
303
|
+
}
|
304
|
+
|
305
|
+
# extern long keyctl_negate(key_serial_t id, unsigned timeout, key_serial_t ringid);
|
306
|
+
attach_function :keyctl_negate, [:key_serial_t, :uint, :key_serial_t], :long_e, errors: {
|
307
|
+
ENOKEY => "The key or keyring specified is invalid",
|
308
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
309
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
310
|
+
"authorisation has been revoked",
|
311
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
312
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
313
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
314
|
+
"destination keyring",
|
315
|
+
EACCES => "The key exists, but is not writable by the requester"
|
316
|
+
}
|
317
|
+
|
318
|
+
# extern long keyctl_set_reqkey_keyring(int reqkey_defl);
|
319
|
+
attach_function :keyctl_set_reqkey_keyring, [:int], :long_e, errors: {
|
320
|
+
EINVAL => "The value of reqkey_defl is invalid",
|
321
|
+
}
|
322
|
+
|
323
|
+
# extern long keyctl_set_timeout(key_serial_t key, unsigned timeout);
|
324
|
+
attach_function :keyctl_set_timeout, [:key_serial_t, :uint], :long_e, errors: {
|
325
|
+
ENOKEY => "The specified key does not exist",
|
326
|
+
EKEYEXPIRED => "The specified key has already expired",
|
327
|
+
EKEYREVOKED => "The specified key has been revoked",
|
328
|
+
EACCES => "The named key exists, but does not grant setattr permission "\
|
329
|
+
"to the calling process"
|
330
|
+
}
|
331
|
+
|
332
|
+
# extern long keyctl_assume_authority(key_serial_t key);
|
333
|
+
attach_function :keyctl_assume_authority, [:key_serial_t], :long_e, errors: {
|
334
|
+
ENOKEY => "The key specified is invalid",
|
335
|
+
EKEYEXPIRED => "The key specified has expired",
|
336
|
+
EKEYREVOKED => "The key specified had been revoked, or the "\
|
337
|
+
"authorisation has been revoked"
|
338
|
+
}
|
339
|
+
|
340
|
+
# extern long keyctl_get_security(key_serial_t key, char *buffer, size_t buflen);
|
341
|
+
attach_function :keyctl_get_security, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
342
|
+
ENOKEY => "The key specified is invalid",
|
343
|
+
EKEYEXPIRED => "The key specified has expired",
|
344
|
+
EKEYREVOKED => "The key specified had been revoked",
|
345
|
+
EACCES => "The key exists, but is not viewable by the calling process",
|
346
|
+
}
|
347
|
+
|
348
|
+
# extern long keyctl_session_to_parent(void);
|
349
|
+
attach_function :keyctl_session_to_parent, [], :long_e, errors: {
|
350
|
+
ENOMEM => "Insufficient memory to create a key",
|
351
|
+
EPERM => "The credentials of the parent don't match those of the caller",
|
352
|
+
EACCES => "The named keyring exists, but is not linkable by the "\
|
353
|
+
"calling process",
|
354
|
+
}
|
355
|
+
|
356
|
+
# extern long keyctl_reject(key_serial_t id, unsigned timeout, unsigned error,
|
357
|
+
# key_serial_t ringid);
|
358
|
+
attach_function :keyctl_reject, [:key_serial_t, :uint, :uint, :key_serial_t], :long_e, errors: {
|
359
|
+
ENOKEY => "The key or keyring specified is invalid",
|
360
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
361
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
362
|
+
"authorisation has been revoked",
|
363
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
364
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
365
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
366
|
+
"destination keyring",
|
367
|
+
EACCES => "The key exists, but is not writable by the requester"
|
368
|
+
}
|
369
|
+
|
370
|
+
# struct iovec;
|
371
|
+
# extern long keyctl_instantiate_iov(key_serial_t id,
|
372
|
+
# const struct iovec *payload_iov,
|
373
|
+
# unsigned ioc,
|
374
|
+
# key_serial_t ringid);
|
375
|
+
attach_function :keyctl_instantiate_iov, [:key_serial_t, :pointer, :uint, :key_serial_t], :long_e
|
376
|
+
|
377
|
+
# extern long keyctl_invalidate(key_serial_t id);
|
378
|
+
attach_function :keyctl_invalidate, [:key_serial_t], :long_e, errors: {
|
379
|
+
ENOKEY => "The key specified is invalid",
|
380
|
+
EKEYEXPIRED => "The key specified has expired",
|
381
|
+
EKEYREVOKED => "The key specified had been revoked",
|
382
|
+
EACCES => "The key exists, but is not searchable by the calling process"
|
383
|
+
}
|
384
|
+
|
385
|
+
# extern long keyctl_get_persistent(uid_t uid, key_serial_t id);
|
386
|
+
attach_function :keyctl_get_persistent, [:uid_t, :key_serial_t], :long_e, errors: {
|
387
|
+
EPERM => "Not permitted to access the persistent keyring for the "\
|
388
|
+
"requested UID",
|
389
|
+
ENOMEM => "Insufficient memory to create the persistent keyring or to "\
|
390
|
+
"extend destination keyring",
|
391
|
+
ENOKEY => "The destination keyring does not exist",
|
392
|
+
EKEYEXPIRED => "The destination keyring has expired",
|
393
|
+
EKEYREVOKED => "The destination keyring has been revoked",
|
394
|
+
EDQUOT => "The user does not have sufficient quota to extend the "\
|
395
|
+
"destination keyring",
|
396
|
+
EACCES => "The destination keyring exists, but does not grant write "\
|
397
|
+
"permission to the calling process",
|
398
|
+
}
|
399
|
+
|
400
|
+
#
|
401
|
+
# utilities
|
402
|
+
#
|
403
|
+
|
404
|
+
# extern int keyctl_describe_alloc(key_serial_t id, char **_buffer);
|
405
|
+
attach_function :keyctl_describe_alloc, [:key_serial_t, :pointer], :int
|
406
|
+
|
407
|
+
# extern int keyctl_read_alloc(key_serial_t id, void **_buffer);
|
408
|
+
attach_function :keyctl_read_alloc, [:key_serial_t, :pointer], :int
|
409
|
+
|
410
|
+
# extern int keyctl_get_security_alloc(key_serial_t id, char **_buffer);
|
411
|
+
attach_function :keyctl_get_security_alloc, [:key_serial_t, :pointer], :int
|
412
|
+
|
413
|
+
# typedef int (*recursive_key_scanner_t)(key_serial_t parent, key_serial_t key,
|
414
|
+
# char *desc, int desc_len, void *data);
|
415
|
+
callback :recursive_key_scanner_t, [:key_serial_t, :key_serial_t, :pointer, :int, :pointer], :int
|
416
|
+
|
417
|
+
# extern int recursive_key_scan(key_serial_t key, recursive_key_scanner_t func, void *data);
|
418
|
+
attach_function :recursive_key_scan, [:key_serial_t, :recursive_key_scanner_t, :pointer], :int
|
419
|
+
|
420
|
+
# extern int recursive_session_key_scan(recursive_key_scanner_t func, void *data);
|
421
|
+
attach_function :recursive_session_key_scan, [:recursive_key_scanner_t, :pointer], :int
|
422
|
+
|
423
|
+
# extern key_serial_t find_key_by_type_and_desc(const char *type, const char *desc,
|
424
|
+
# key_serial_t destringid);
|
425
|
+
attach_function :find_key_by_type_and_desc, [:string, :string, :key_serial_t], :key_serial_t, errors: {
|
426
|
+
ENOKEY => "No key was found or the keyring specified is invalid",
|
427
|
+
EKEYEXPIRED => "The key or keyring have expired",
|
428
|
+
EKEYREVOKED => "The key or keyring have been revoked",
|
429
|
+
EACCES => "The key is not accessible or keyring exists, but is not "\
|
430
|
+
"writable by the calling process",
|
431
|
+
}
|
432
|
+
end
|
433
|
+
end
|
metadata
ADDED
@@ -0,0 +1,132 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: keyutils
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Rafał Rzepecki
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-02-07 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: ffi
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.9'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.9'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.10'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.10'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '10.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '10.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: pry
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
description: FFI-based wrapper for Linux keyutils library, providing idiomatic Ruby
|
84
|
+
access to the kernel keyring.
|
85
|
+
email:
|
86
|
+
- divided.mind@gmail.com
|
87
|
+
executables: []
|
88
|
+
extensions: []
|
89
|
+
extra_rdoc_files: []
|
90
|
+
files:
|
91
|
+
- ".gitignore"
|
92
|
+
- ".rspec"
|
93
|
+
- ".travis.yml"
|
94
|
+
- Gemfile
|
95
|
+
- LICENSE.txt
|
96
|
+
- README.md
|
97
|
+
- Rakefile
|
98
|
+
- bin/console
|
99
|
+
- bin/setup
|
100
|
+
- keyutils.gemspec
|
101
|
+
- lib/keyutils.rb
|
102
|
+
- lib/keyutils/key.rb
|
103
|
+
- lib/keyutils/key_perm.rb
|
104
|
+
- lib/keyutils/key_types.rb
|
105
|
+
- lib/keyutils/keyring.rb
|
106
|
+
- lib/keyutils/lib.rb
|
107
|
+
- lib/keyutils/version.rb
|
108
|
+
homepage: https://github.com/dividedmind/ruby-keyutils
|
109
|
+
licenses:
|
110
|
+
- MIT
|
111
|
+
metadata: {}
|
112
|
+
post_install_message:
|
113
|
+
rdoc_options: []
|
114
|
+
require_paths:
|
115
|
+
- lib
|
116
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - ">="
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: '0'
|
121
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
122
|
+
requirements:
|
123
|
+
- - ">="
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
requirements: []
|
127
|
+
rubyforge_project:
|
128
|
+
rubygems_version: 2.4.8
|
129
|
+
signing_key:
|
130
|
+
specification_version: 4
|
131
|
+
summary: Wrapper for Linux keyutils library
|
132
|
+
test_files: []
|