2016-01-21 07:12:25 +08:00
|
|
|
// +build linux
|
|
|
|
|
|
2016-07-25 06:41:57 +08:00
|
|
|
package keys
|
2016-01-21 07:12:25 +08:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"strconv"
|
2016-04-12 16:12:23 +08:00
|
|
|
"strings"
|
2017-05-10 05:38:27 +08:00
|
|
|
|
2018-09-17 19:38:30 +08:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
|
2017-05-10 05:38:27 +08:00
|
|
|
"golang.org/x/sys/unix"
|
2016-01-21 07:12:25 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type KeySerial uint32
|
|
|
|
|
|
|
|
|
|
func JoinSessionKeyring(name string) (KeySerial, error) {
|
2017-06-09 21:55:18 +08:00
|
|
|
sessKeyId, err := unix.KeyctlJoinSessionKeyring(name)
|
|
|
|
|
if err != nil {
|
2018-09-17 19:38:30 +08:00
|
|
|
return 0, errors.Wrap(err, "create session key")
|
2016-01-21 07:12:25 +08:00
|
|
|
}
|
|
|
|
|
return KeySerial(sessKeyId), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-12 16:12:23 +08:00
|
|
|
// ModKeyringPerm modifies permissions on a keyring by reading the current permissions,
|
2016-01-21 07:12:25 +08:00
|
|
|
// anding the bits with the given mask (clearing permissions) and setting
|
|
|
|
|
// additional permission bits
|
|
|
|
|
func ModKeyringPerm(ringId KeySerial, mask, setbits uint32) error {
|
2017-06-09 21:55:18 +08:00
|
|
|
dest, err := unix.KeyctlString(unix.KEYCTL_DESCRIBE, int(ringId))
|
|
|
|
|
if err != nil {
|
2016-01-21 07:12:25 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-25 16:41:57 +08:00
|
|
|
res := strings.Split(dest, ";")
|
2016-01-21 07:12:25 +08:00
|
|
|
if len(res) < 5 {
|
|
|
|
|
return fmt.Errorf("Destination buffer for key description is too small")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// parse permissions
|
|
|
|
|
perm64, err := strconv.ParseUint(res[3], 16, 32)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
perm := (uint32(perm64) & mask) | setbits
|
|
|
|
|
|
2017-06-09 21:55:18 +08:00
|
|
|
if err := unix.KeyctlSetperm(int(ringId), perm); err != nil {
|
2016-01-21 07:12:25 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
