keyutils 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +41 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/keyutils.gemspec +28 -0
- data/lib/keyutils.rb +11 -0
- data/lib/keyutils/key.rb +572 -0
- data/lib/keyutils/key_perm.rb +49 -0
- data/lib/keyutils/key_types.rb +24 -0
- data/lib/keyutils/keyring.rb +527 -0
- data/lib/keyutils/lib.rb +433 -0
- data/lib/keyutils/version.rb +3 -0
- metadata +132 -0
data/lib/keyutils/lib.rb
ADDED
@@ -0,0 +1,433 @@
|
|
1
|
+
require 'ffi'
|
2
|
+
|
3
|
+
module Keyutils
|
4
|
+
module Lib
|
5
|
+
extend FFI::Library
|
6
|
+
@@lib = (ffi_lib %w(keyutils keyutils.so.1)).first
|
7
|
+
|
8
|
+
def self.attach_text_string name
|
9
|
+
val = @@lib.find_variable(name.to_s).get_string 0
|
10
|
+
singleton_class.send :define_method, name, ->() { val }
|
11
|
+
end
|
12
|
+
|
13
|
+
attach_text_string :keyutils_version_string
|
14
|
+
attach_text_string :keyutils_build_string
|
15
|
+
|
16
|
+
# When used on return values, raises a system call error if -1
|
17
|
+
module KeySerialConverter
|
18
|
+
extend FFI::DataConverter
|
19
|
+
native_type FFI::Type::INT32
|
20
|
+
|
21
|
+
def self.from_native val, ctx
|
22
|
+
fail SystemCallError, FFI.errno, caller if val == -1
|
23
|
+
super
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
# key serial number
|
28
|
+
typedef KeySerialConverter, :key_serial_t
|
29
|
+
|
30
|
+
# special process keyring shortcut IDs
|
31
|
+
KEY_SPEC = {
|
32
|
+
THREAD_KEYRING: -1, # key ID for thread-specific keyring
|
33
|
+
PROCESS_KEYRING: -2, # key ID for process-specific keyring
|
34
|
+
SESSION_KEYRING: -3, # key ID for session-specific keyring
|
35
|
+
USER_KEYRING: -4, # key ID for UID-specific keyring
|
36
|
+
USER_SESSION_KEYRING: -5, # key ID for UID-session keyring
|
37
|
+
GROUP_KEYRING: -6, # key ID for GID-specific keyring
|
38
|
+
REQKEY_AUTH_KEY: -7 # key ID for assumed request_key auth key
|
39
|
+
}
|
40
|
+
|
41
|
+
# request-key default keyrings
|
42
|
+
KEY_REQKEY_DEFL = {
|
43
|
+
NO_CHANGE: -1,
|
44
|
+
DEFAULT: 0,
|
45
|
+
THREAD_KEYRING: 1,
|
46
|
+
PROCESS_KEYRING: 2,
|
47
|
+
SESSION_KEYRING: 3,
|
48
|
+
USER_KEYRING: 4,
|
49
|
+
USER_SESSION_KEYRING: 5,
|
50
|
+
GROUP_KEYRING: 6
|
51
|
+
}
|
52
|
+
|
53
|
+
# key handle permissions mask
|
54
|
+
typedef :uint32, :key_perm_t
|
55
|
+
|
56
|
+
# keyctl commands
|
57
|
+
KEYCTL = {
|
58
|
+
GET_KEYRING_ID: 0, # ask for a keyring's ID
|
59
|
+
JOIN_SESSION_KEYRING: 1, # join or start named session keyring
|
60
|
+
UPDATE: 2, # update a key
|
61
|
+
REVOKE: 3, # revoke a key
|
62
|
+
CHOWN: 4, # set ownership of a key
|
63
|
+
SETPERM: 5, # set perms on a key
|
64
|
+
DESCRIBE: 6, # describe a key
|
65
|
+
CLEAR: 7, # clear contents of a keyring
|
66
|
+
LINK: 8, # link a key into a keyring
|
67
|
+
UNLINK: 9, # unlink a key from a keyring
|
68
|
+
SEARCH: 10, # search for a key in a keyring
|
69
|
+
READ: 11, # read a key or keyring's contents
|
70
|
+
INSTANTIATE: 12, # instantiate a partially constructed key
|
71
|
+
NEGATE: 13, # negate a partially constructed key
|
72
|
+
SET_REQKEY_KEYRING: 14, # set default request-key keyring
|
73
|
+
SET_TIMEOUT: 15, # set timeout on a key
|
74
|
+
ASSUME_AUTHORITY: 16, # assume authority to instantiate key
|
75
|
+
GET_SECURITY: 17, # get key security label
|
76
|
+
SESSION_TO_PARENT: 18, # set my session keyring on my parent process
|
77
|
+
REJECT: 19, # reject a partially constructed key
|
78
|
+
INSTANTIATE_IOV: 20, # instantiate a partially constructed key
|
79
|
+
INVALIDATE: 21, # invalidate a key
|
80
|
+
GET_PERSISTENT: 22 # get a user's persistent keyring
|
81
|
+
}
|
82
|
+
|
83
|
+
# Attach a C function that can raise error (eg. through return type
|
84
|
+
# converter), allowing to provide errorclass => description map
|
85
|
+
def self.attach_function fname, *a, errors: {}, **kwargs
|
86
|
+
function = FFI::Library.instance_method(:attach_function).bind(self).call fname, *a, **kwargs
|
87
|
+
singleton_class.send :define_method, fname, ->(*a) do
|
88
|
+
begin
|
89
|
+
function.call *a
|
90
|
+
rescue Exception => e
|
91
|
+
msg = errors[e.class] || e.message
|
92
|
+
call = caller_locations(2, 1).first
|
93
|
+
call_desc = "#{call.absolute_path}:#{call.lineno}:in `#{fname}'"
|
94
|
+
raise e, msg, [call_desc] + caller(2)
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
include Errno
|
100
|
+
|
101
|
+
#
|
102
|
+
# syscall wrappers
|
103
|
+
#
|
104
|
+
|
105
|
+
# extern key_serial_t add_key(const char *type,
|
106
|
+
# const char *description,
|
107
|
+
# const void *payload,
|
108
|
+
# size_t plen,
|
109
|
+
# key_serial_t ringid);
|
110
|
+
attach_function :add_key, [:string, :string, :pointer, :size_t, :key_serial_t], :key_serial_t, errors: {
|
111
|
+
ENOKEY => "The keyring doesn't exist",
|
112
|
+
EKEYEXPIRED => "The keyring has expired",
|
113
|
+
EKEYREVOKED => "The keyring has been revoked",
|
114
|
+
EINVAL => "The payload data was invalid",
|
115
|
+
ENOMEM => "Insufficient memory to create a key",
|
116
|
+
EDQUOT => "The key quota for this user would be exceeded by " \
|
117
|
+
"creating this key or linking it to the keyring",
|
118
|
+
EACCES => "The keyring wasn't available for modification by the user",
|
119
|
+
ENODEV => "The key type was invalid"
|
120
|
+
}
|
121
|
+
|
122
|
+
# extern key_serial_t request_key(const char *type,
|
123
|
+
# const char *description,
|
124
|
+
# const char *callout_info,
|
125
|
+
# key_serial_t destringid);
|
126
|
+
attach_function :request_key, [:string, :string, :string, :key_serial_t], :key_serial_t, errors: {
|
127
|
+
EACCES => "The keyring wasn't available for modification by the user",
|
128
|
+
EINTR => "The request was interrupted by a signal",
|
129
|
+
EDQUOT => "The key quota for this user would be exceeded by creating this key or linking it to the keyring",
|
130
|
+
EKEYEXPIRED => "An expired key was found, but no replacement could be obtained",
|
131
|
+
EKEYREJECTED => "The attempt to generate a new key was rejected",
|
132
|
+
EKEYREVOKED => "A revoked key was found, but no replacement could be obtained",
|
133
|
+
ENOMEM => "Insufficient memory to create a key",
|
134
|
+
ENOKEY => "No matching key was found"
|
135
|
+
}
|
136
|
+
|
137
|
+
# extern long keyctl(int cmd, ...);
|
138
|
+
attach_function :keyctl, [:int, :varargs], :long
|
139
|
+
|
140
|
+
#
|
141
|
+
# keyctl function wrappers
|
142
|
+
#
|
143
|
+
|
144
|
+
# extern key_serial_t keyctl_get_keyring_ID(key_serial_t id, int create);
|
145
|
+
attach_function :keyctl_get_keyring_ID, [:key_serial_t, :bool], :key_serial_t, errors: {
|
146
|
+
ENOKEY => "No matching key was found",
|
147
|
+
ENOMEM => "Insufficient memory to create a key",
|
148
|
+
EDQUOT => "The key quota for this user would be exceeded by creating "\
|
149
|
+
"this key or linking it to the keyring"
|
150
|
+
}
|
151
|
+
|
152
|
+
# extern key_serial_t keyctl_join_session_keyring(const char *name);
|
153
|
+
attach_function :keyctl_join_session_keyring, [:string], :key_serial_t, errors: {
|
154
|
+
ENOMEM => "Insufficient memory to create a key",
|
155
|
+
EDQUOT => "The key quota for this user would be exceeded by creating "\
|
156
|
+
"this key or linking it to the keyring",
|
157
|
+
EACCES => "The named keyring exists, but is not searchable by the "\
|
158
|
+
"calling process"
|
159
|
+
}
|
160
|
+
|
161
|
+
module NonnegativeOrErrorLongConverter
|
162
|
+
extend FFI::DataConverter
|
163
|
+
native_type FFI::Type::LONG
|
164
|
+
|
165
|
+
def self.from_native val, ctx
|
166
|
+
fail SystemCallError, FFI.errno, caller if val == -1
|
167
|
+
super
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
typedef NonnegativeOrErrorLongConverter, :long_e
|
172
|
+
|
173
|
+
# extern long keyctl_update(key_serial_t id, const void *payload, size_t plen);
|
174
|
+
attach_function \
|
175
|
+
:keyctl_update,
|
176
|
+
[:key_serial_t, :pointer, :size_t],
|
177
|
+
:long_e,
|
178
|
+
errors: {
|
179
|
+
ENOKEY => "The key specified is invalid",
|
180
|
+
EKEYEXPIRED => "The key specified has expired",
|
181
|
+
EKEYREVOKED => "The key specified had been revoked",
|
182
|
+
EINVAL => "The payload data was invalid",
|
183
|
+
ENOMEM => "Insufficient memory to store the new payload",
|
184
|
+
EDQUOT => "The key quota for this user would be exceeded by increasing the size of the key to accommodate the new payload",
|
185
|
+
EACCES => "The key exists, but is not writable by the calling process",
|
186
|
+
EOPNOTSUPP => "The key type does not support the update operation on its keys",
|
187
|
+
}
|
188
|
+
|
189
|
+
# extern long keyctl_revoke(key_serial_t id);
|
190
|
+
attach_function \
|
191
|
+
:keyctl_revoke,
|
192
|
+
[:key_serial_t],
|
193
|
+
:long_e,
|
194
|
+
errors: {
|
195
|
+
ENOKEY => "The specified key does not exist",
|
196
|
+
EKEYREVOKED => "The key has already been revoked",
|
197
|
+
EACCES => "The named key exists, but is not writable by the calling process",
|
198
|
+
}
|
199
|
+
|
200
|
+
# extern long keyctl_chown(key_serial_t id, uid_t uid, gid_t gid);
|
201
|
+
attach_function \
|
202
|
+
:keyctl_chown,
|
203
|
+
[:key_serial_t, :uid_t, :gid_t],
|
204
|
+
:long_e,
|
205
|
+
errors: {
|
206
|
+
ENOKEY => "The specified key does not exist",
|
207
|
+
EKEYEXPIRED => "The specified key has expired",
|
208
|
+
EKEYREVOKED => "The specified key has been revoked",
|
209
|
+
EDQUOT => "Changing the UID to the one specified would run that UID "\
|
210
|
+
"out of quota",
|
211
|
+
}
|
212
|
+
|
213
|
+
# extern long keyctl_setperm(key_serial_t id, key_perm_t perm);
|
214
|
+
attach_function :keyctl_setperm, [:key_serial_t, :key_perm_t], :long_e, errors: {
|
215
|
+
ENOKEY => "The specified key does not exist",
|
216
|
+
EKEYEXPIRED => "The specified key has expired",
|
217
|
+
EKEYREVOKED => "The specified key has been revoked",
|
218
|
+
EACCES => "The named key exists, but does not grant setattr permission "\
|
219
|
+
"to the calling process",
|
220
|
+
}
|
221
|
+
|
222
|
+
# extern long keyctl_describe(key_serial_t id, char *buffer, size_t buflen);
|
223
|
+
attach_function :keyctl_describe, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
224
|
+
ENOKEY => "The key specified is invalid",
|
225
|
+
EKEYEXPIRED => "The key specified has expired",
|
226
|
+
EKEYREVOKED => "The key specified had been revoked",
|
227
|
+
EACCES => "The key exists, but is not viewable by the calling process"
|
228
|
+
}
|
229
|
+
|
230
|
+
# extern long keyctl_clear(key_serial_t ringid);
|
231
|
+
attach_function :keyctl_clear, [:key_serial_t], :long_e, errors: {
|
232
|
+
ENOKEY => "The keyring specified is invalid",
|
233
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
234
|
+
EKEYREVOKED => "The keyring specified had been revoked",
|
235
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
236
|
+
}
|
237
|
+
|
238
|
+
# extern long keyctl_link(key_serial_t id, key_serial_t ringid);
|
239
|
+
attach_function :keyctl_link, [:key_serial_t, :key_serial_t], :long_e, errors: {
|
240
|
+
ENOKEY => "The key or the keyring specified are invalid",
|
241
|
+
EKEYEXPIRED => "The key or the keyring specified have expired",
|
242
|
+
EKEYREVOKED => "The key or the keyring specified have been revoked",
|
243
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
244
|
+
ENOMEM => "Insufficient memory to expand the keyrin",
|
245
|
+
EDQUOT => "Expanding the keyring would exceed the keyring owner's quota",
|
246
|
+
EACCES => "The key exists, but is not linkable by the calling process"
|
247
|
+
}
|
248
|
+
|
249
|
+
# extern long keyctl_unlink(key_serial_t id, key_serial_t ringid);
|
250
|
+
attach_function :keyctl_unlink, [:key_serial_t, :key_serial_t], :long_e, errors: {
|
251
|
+
ENOKEY => "The key or the keyring specified are invalid",
|
252
|
+
EKEYEXPIRED => "The key or the keyring specified have expired",
|
253
|
+
EKEYREVOKED => "The key or the keyring specified have been revoked",
|
254
|
+
EACCES => "The keyring exists, but is not writable by the calling process",
|
255
|
+
}
|
256
|
+
|
257
|
+
# extern long keyctl_search(key_serial_t ringid,
|
258
|
+
# const char *type,
|
259
|
+
# const char *description,
|
260
|
+
# key_serial_t destringid);
|
261
|
+
attach_function :keyctl_search, [:key_serial_t, :string, :string, :key_serial_t], :long_e, errors: {
|
262
|
+
ENOKEY => "One of the keyrings doesn't exist, no key was found by the "\
|
263
|
+
"search, or the only key found by the search was a negative key",
|
264
|
+
ENOTDIR => "One of the keyrings is a valid key that isn't a keyring",
|
265
|
+
EKEYEXPIRED => "One of the keyrings has expired, or the only key found "\
|
266
|
+
"was expired",
|
267
|
+
EKEYREVOKED => "One of the keyrings has been revoked, or the only key "\
|
268
|
+
"found was revoked",
|
269
|
+
ENOMEM => "Insufficient memory to expand the destination keyring",
|
270
|
+
EDQUOT => "The key quota for this user would be exceeded by creating a "\
|
271
|
+
"link to the found key in the destination keyring",
|
272
|
+
EACCES => "The source keyring didn't grant search permission, the "\
|
273
|
+
"destination keyring didn't grant write permission or the found key "\
|
274
|
+
"didn't grant link permission to the caller"
|
275
|
+
}
|
276
|
+
|
277
|
+
# extern long keyctl_read(key_serial_t id, char *buffer, size_t buflen);
|
278
|
+
attach_function :keyctl_read, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
279
|
+
ENOKEY => "The key specified is invalid",
|
280
|
+
EKEYEXPIRED => "The key specified has expired",
|
281
|
+
EKEYREVOKED => "The key specified had been revoked",
|
282
|
+
EACCES => "The key exists, but is not readable by the calling process",
|
283
|
+
EOPNOTSUPP => "The key type does not support reading of the payload data"
|
284
|
+
}
|
285
|
+
|
286
|
+
# extern long keyctl_instantiate(key_serial_t id,
|
287
|
+
# const void *payload,
|
288
|
+
# size_t plen,
|
289
|
+
# key_serial_t ringid);
|
290
|
+
attach_function :keyctl_instantiate, [:key_serial_t, :pointer, :size_t, :key_serial_t], :long_e, errors: {
|
291
|
+
ENOKEY => "The key or keyring specified is invalid",
|
292
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
293
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
294
|
+
"authorisation has been revoked",
|
295
|
+
EINVAL => "The payload data was invalid",
|
296
|
+
ENOMEM => "Insufficient memory to store the new payload or to expand "\
|
297
|
+
"the destination keyring",
|
298
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
299
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
300
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
301
|
+
"destination keyring",
|
302
|
+
EACCES => "The key exists, but is not writable by the requester",
|
303
|
+
}
|
304
|
+
|
305
|
+
# extern long keyctl_negate(key_serial_t id, unsigned timeout, key_serial_t ringid);
|
306
|
+
attach_function :keyctl_negate, [:key_serial_t, :uint, :key_serial_t], :long_e, errors: {
|
307
|
+
ENOKEY => "The key or keyring specified is invalid",
|
308
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
309
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
310
|
+
"authorisation has been revoked",
|
311
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
312
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
313
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
314
|
+
"destination keyring",
|
315
|
+
EACCES => "The key exists, but is not writable by the requester"
|
316
|
+
}
|
317
|
+
|
318
|
+
# extern long keyctl_set_reqkey_keyring(int reqkey_defl);
|
319
|
+
attach_function :keyctl_set_reqkey_keyring, [:int], :long_e, errors: {
|
320
|
+
EINVAL => "The value of reqkey_defl is invalid",
|
321
|
+
}
|
322
|
+
|
323
|
+
# extern long keyctl_set_timeout(key_serial_t key, unsigned timeout);
|
324
|
+
attach_function :keyctl_set_timeout, [:key_serial_t, :uint], :long_e, errors: {
|
325
|
+
ENOKEY => "The specified key does not exist",
|
326
|
+
EKEYEXPIRED => "The specified key has already expired",
|
327
|
+
EKEYREVOKED => "The specified key has been revoked",
|
328
|
+
EACCES => "The named key exists, but does not grant setattr permission "\
|
329
|
+
"to the calling process"
|
330
|
+
}
|
331
|
+
|
332
|
+
# extern long keyctl_assume_authority(key_serial_t key);
|
333
|
+
attach_function :keyctl_assume_authority, [:key_serial_t], :long_e, errors: {
|
334
|
+
ENOKEY => "The key specified is invalid",
|
335
|
+
EKEYEXPIRED => "The key specified has expired",
|
336
|
+
EKEYREVOKED => "The key specified had been revoked, or the "\
|
337
|
+
"authorisation has been revoked"
|
338
|
+
}
|
339
|
+
|
340
|
+
# extern long keyctl_get_security(key_serial_t key, char *buffer, size_t buflen);
|
341
|
+
attach_function :keyctl_get_security, [:key_serial_t, :pointer, :size_t], :long_e, errors: {
|
342
|
+
ENOKEY => "The key specified is invalid",
|
343
|
+
EKEYEXPIRED => "The key specified has expired",
|
344
|
+
EKEYREVOKED => "The key specified had been revoked",
|
345
|
+
EACCES => "The key exists, but is not viewable by the calling process",
|
346
|
+
}
|
347
|
+
|
348
|
+
# extern long keyctl_session_to_parent(void);
|
349
|
+
attach_function :keyctl_session_to_parent, [], :long_e, errors: {
|
350
|
+
ENOMEM => "Insufficient memory to create a key",
|
351
|
+
EPERM => "The credentials of the parent don't match those of the caller",
|
352
|
+
EACCES => "The named keyring exists, but is not linkable by the "\
|
353
|
+
"calling process",
|
354
|
+
}
|
355
|
+
|
356
|
+
# extern long keyctl_reject(key_serial_t id, unsigned timeout, unsigned error,
|
357
|
+
# key_serial_t ringid);
|
358
|
+
attach_function :keyctl_reject, [:key_serial_t, :uint, :uint, :key_serial_t], :long_e, errors: {
|
359
|
+
ENOKEY => "The key or keyring specified is invalid",
|
360
|
+
EKEYEXPIRED => "The keyring specified has expired",
|
361
|
+
EKEYREVOKED => "The key or keyring specified had been revoked, or the "\
|
362
|
+
"authorisation has been revoked",
|
363
|
+
EDQUOT => "The key quota for the key's user would be exceeded by "\
|
364
|
+
"increasing the size of the key to accommodate the new payload or the "\
|
365
|
+
"key quota for the keyring's user would be exceeded by expanding the "\
|
366
|
+
"destination keyring",
|
367
|
+
EACCES => "The key exists, but is not writable by the requester"
|
368
|
+
}
|
369
|
+
|
370
|
+
# struct iovec;
|
371
|
+
# extern long keyctl_instantiate_iov(key_serial_t id,
|
372
|
+
# const struct iovec *payload_iov,
|
373
|
+
# unsigned ioc,
|
374
|
+
# key_serial_t ringid);
|
375
|
+
attach_function :keyctl_instantiate_iov, [:key_serial_t, :pointer, :uint, :key_serial_t], :long_e
|
376
|
+
|
377
|
+
# extern long keyctl_invalidate(key_serial_t id);
|
378
|
+
attach_function :keyctl_invalidate, [:key_serial_t], :long_e, errors: {
|
379
|
+
ENOKEY => "The key specified is invalid",
|
380
|
+
EKEYEXPIRED => "The key specified has expired",
|
381
|
+
EKEYREVOKED => "The key specified had been revoked",
|
382
|
+
EACCES => "The key exists, but is not searchable by the calling process"
|
383
|
+
}
|
384
|
+
|
385
|
+
# extern long keyctl_get_persistent(uid_t uid, key_serial_t id);
|
386
|
+
attach_function :keyctl_get_persistent, [:uid_t, :key_serial_t], :long_e, errors: {
|
387
|
+
EPERM => "Not permitted to access the persistent keyring for the "\
|
388
|
+
"requested UID",
|
389
|
+
ENOMEM => "Insufficient memory to create the persistent keyring or to "\
|
390
|
+
"extend destination keyring",
|
391
|
+
ENOKEY => "The destination keyring does not exist",
|
392
|
+
EKEYEXPIRED => "The destination keyring has expired",
|
393
|
+
EKEYREVOKED => "The destination keyring has been revoked",
|
394
|
+
EDQUOT => "The user does not have sufficient quota to extend the "\
|
395
|
+
"destination keyring",
|
396
|
+
EACCES => "The destination keyring exists, but does not grant write "\
|
397
|
+
"permission to the calling process",
|
398
|
+
}
|
399
|
+
|
400
|
+
#
|
401
|
+
# utilities
|
402
|
+
#
|
403
|
+
|
404
|
+
# extern int keyctl_describe_alloc(key_serial_t id, char **_buffer);
|
405
|
+
attach_function :keyctl_describe_alloc, [:key_serial_t, :pointer], :int
|
406
|
+
|
407
|
+
# extern int keyctl_read_alloc(key_serial_t id, void **_buffer);
|
408
|
+
attach_function :keyctl_read_alloc, [:key_serial_t, :pointer], :int
|
409
|
+
|
410
|
+
# extern int keyctl_get_security_alloc(key_serial_t id, char **_buffer);
|
411
|
+
attach_function :keyctl_get_security_alloc, [:key_serial_t, :pointer], :int
|
412
|
+
|
413
|
+
# typedef int (*recursive_key_scanner_t)(key_serial_t parent, key_serial_t key,
|
414
|
+
# char *desc, int desc_len, void *data);
|
415
|
+
callback :recursive_key_scanner_t, [:key_serial_t, :key_serial_t, :pointer, :int, :pointer], :int
|
416
|
+
|
417
|
+
# extern int recursive_key_scan(key_serial_t key, recursive_key_scanner_t func, void *data);
|
418
|
+
attach_function :recursive_key_scan, [:key_serial_t, :recursive_key_scanner_t, :pointer], :int
|
419
|
+
|
420
|
+
# extern int recursive_session_key_scan(recursive_key_scanner_t func, void *data);
|
421
|
+
attach_function :recursive_session_key_scan, [:recursive_key_scanner_t, :pointer], :int
|
422
|
+
|
423
|
+
# extern key_serial_t find_key_by_type_and_desc(const char *type, const char *desc,
|
424
|
+
# key_serial_t destringid);
|
425
|
+
attach_function :find_key_by_type_and_desc, [:string, :string, :key_serial_t], :key_serial_t, errors: {
|
426
|
+
ENOKEY => "No key was found or the keyring specified is invalid",
|
427
|
+
EKEYEXPIRED => "The key or keyring have expired",
|
428
|
+
EKEYREVOKED => "The key or keyring have been revoked",
|
429
|
+
EACCES => "The key is not accessible or keyring exists, but is not "\
|
430
|
+
"writable by the calling process",
|
431
|
+
}
|
432
|
+
end
|
433
|
+
end
|
metadata
ADDED
@@ -0,0 +1,132 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: keyutils
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Rafał Rzepecki
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-02-07 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: ffi
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.9'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.9'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.10'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.10'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '10.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '10.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: pry
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
description: FFI-based wrapper for Linux keyutils library, providing idiomatic Ruby
|
84
|
+
access to the kernel keyring.
|
85
|
+
email:
|
86
|
+
- divided.mind@gmail.com
|
87
|
+
executables: []
|
88
|
+
extensions: []
|
89
|
+
extra_rdoc_files: []
|
90
|
+
files:
|
91
|
+
- ".gitignore"
|
92
|
+
- ".rspec"
|
93
|
+
- ".travis.yml"
|
94
|
+
- Gemfile
|
95
|
+
- LICENSE.txt
|
96
|
+
- README.md
|
97
|
+
- Rakefile
|
98
|
+
- bin/console
|
99
|
+
- bin/setup
|
100
|
+
- keyutils.gemspec
|
101
|
+
- lib/keyutils.rb
|
102
|
+
- lib/keyutils/key.rb
|
103
|
+
- lib/keyutils/key_perm.rb
|
104
|
+
- lib/keyutils/key_types.rb
|
105
|
+
- lib/keyutils/keyring.rb
|
106
|
+
- lib/keyutils/lib.rb
|
107
|
+
- lib/keyutils/version.rb
|
108
|
+
homepage: https://github.com/dividedmind/ruby-keyutils
|
109
|
+
licenses:
|
110
|
+
- MIT
|
111
|
+
metadata: {}
|
112
|
+
post_install_message:
|
113
|
+
rdoc_options: []
|
114
|
+
require_paths:
|
115
|
+
- lib
|
116
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
117
|
+
requirements:
|
118
|
+
- - ">="
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: '0'
|
121
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
122
|
+
requirements:
|
123
|
+
- - ">="
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
requirements: []
|
127
|
+
rubyforge_project:
|
128
|
+
rubygems_version: 2.4.8
|
129
|
+
signing_key:
|
130
|
+
specification_version: 4
|
131
|
+
summary: Wrapper for Linux keyutils library
|
132
|
+
test_files: []
|