lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 30 May 2017 17:13:10 +0100
From:   David Howells <dhowells@...hat.com>
To:     James.Bottomley@...senPartnership.com, ebiederm@...ssion.com
Cc:     linux-nfs@...r.kernel.org, containers@...ts.linux-foundation.org,
        linux-kernel@...r.kernel.org, dhowells@...hat.com,
        keyrings@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        cgroups@...r.kernel.org
Subject: Example daemon program

Here's a one-shot example daemon that services user-type keys.

David
---
/* request_key() service daemon
 *
 * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@...hat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <keyutils.h>

#define KEY_SERVICE_NS_UTS		0x0001
#define KEY_SERVICE_NS_IPC		0x0002
#define KEY_SERVICE_NS_MNT		0x0004
#define KEY_SERVICE_NS_PID		0x0008
#define KEY_SERVICE_NS_NET		0x0010
#define KEY_SERVICE_NS_CGROUP		0x0020
#define KEY_SERVICE___ALL_NS		0x003f

#define KEY_SERVICE_FD_CLOEXEC		0x0001
#define KEY_SERVICE_FD_NONBLOCK		0x0002

#define KEYCTL_SERVICE_CREATE		30	/* Create a request_key() service channel */
#define KEYCTL_SERVICE_ADD		31	/* Specify the a request pattern we can service */

int main()
{
	key_serial_t key, tring, pring, sring;
	char buf[128], op[12];
	uid_t uid;
	gid_t gid;
	int kfd, len;

	kfd = keyctl(KEYCTL_SERVICE_CREATE, KEY_SERVICE_FD_CLOEXEC);
	if (kfd == -1) {
		perror("service-create");
		exit(1);
	}

	if (keyctl(KEYCTL_SERVICE_ADD, kfd, "user", 0) == -1) {
		perror("service-add");
		exit(1);
	}

	len = read(kfd, buf, sizeof(buf) - 1);
	if (len == -1) {
		perror("read");
		exit(1);
	}
	buf[len] = 0;

	printf("received %d [%s]\n", len, buf);
	if (sscanf(buf, "%12s %x %x %x %x %x %x",
		   op, &key, &uid, &gid, &tring, &pring, &sring) != 7) {
		fprintf(stderr, "sscanf: Insufficient args decoded\n");
		exit(1);
	}

	if (keyctl_assume_authority(key) == -1) {
		perror("assume");
		exit(1);
	}

	if (keyctl_instantiate(key, "foo_bar", 7, 0) == -1) {
		perror("instantiate");
		exit(1);
	}
	
	exit(0);
}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ