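/*
 * Look up a cached OpenPGP public key in the kernel keyring.
 *
 * The key is searched in the "user" type under the name
 * "rpm:gpg:pubkey:XXXXXXXX", where XXXXXXXX is the low 32 bits of the
 * signature's key id (sigp->signid + 4) in upper-case hex.
 *
 * @param sigp	signature parameters carrying the signing key id
 * @param iobp	on success receives a newly allocated rpmiob holding the
 *		payload (caller owns it); always reset to NULL on entry
 * @return	RPMRC_OK when the key was found and handed to *iobp,
 *		RPMRC_NOTFOUND otherwise (including when keyutils support is
 *		compiled out, the cache is disabled, or iobp is NULL)
 */
rpmRC rpmkuFindPubkey(pgpDigParams sigp, /*@out@*/ rpmiob * iobp)
{
    if (iobp != NULL)
	*iobp = NULL;
#if defined(HAVE_KEYUTILS_H)
    if (_kuCache) {
	/*@observer@*/ static const char krprefix[] = "rpm:gpg:pubkey:";
	key_serial_t keyring = (key_serial_t) _kuKeyring;
	/* prefix + 8 hex digits + NUL: a fixed size, so no alloca() needed. */
	char krn[sizeof(krprefix) + 8];
	char krfp[32];
	long key;
	long len;
	rpmiob iob;

	(void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
	(void) snprintf(krn, sizeof(krn), "%s%s", krprefix, krfp);

	/* A negative serial means no such key (or no permission to find it). */
	key = keyctl_search(keyring, "user", krn, 0);
	if (key < 0)
	    return RPMRC_NOTFOUND;

	/* Probe the payload size with a NULL buffer. */
	len = keyctl_read(key, NULL, 0);
	if (len <= 0)
	    return RPMRC_NOTFOUND;

	iob = rpmiobNew(len);
	len = keyctl_read(key, (char *)iob->b, iob->blen);
	/* keyctl_read() returns the full payload length even when the buffer
	 * was too small, so a value larger than the buffer means the key was
	 * updated between the two reads and the copy is truncated: do not
	 * hand a partial key to the caller. */
	if (len <= 0 || (size_t) len > iob->blen) {
	    iob = rpmiobFree(iob);
	    return RPMRC_NOTFOUND;
	}
#ifdef NOTYET
	pubkeysource = xstrdup(krn);
	_kuCache = 0;	/* XXX don't bother caching. */
#endif
	/* Original contract: a NULL iobp discards the result and reports
	 * NOTFOUND rather than OK; kept as-is for existing callers. */
	if (iobp == NULL) {
	    iob = rpmiobFree(iob);
	    return RPMRC_NOTFOUND;
	}
	*iobp = iob;
	return RPMRC_OK;
    }
#endif	/* HAVE_KEYUTILS_H */
    return RPMRC_NOTFOUND;
}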
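/*
 * Return the payload of the "user" key named `login` as a C string.
 *
 * Returns "" when the key cannot be found, cannot be read, or its payload
 * does not fit in the internal buffer (a truncated secret is never returned).
 *
 * The result points to a static buffer that is overwritten by the next call,
 * so the caller must copy it before calling again; the function is therefore
 * not reentrant or thread-safe. (The previous version returned a pointer to
 * a stack buffer, which was dangling as soon as the function returned.)
 * NOTE(security): the secret stays in that static buffer until the next call
 * or until the process exits.
 */
char* getKey(char *login)
{
    static char buffer[255];
    int key;
    long len;

    memset(buffer, 0, sizeof(buffer));

    /* Find the serial number of the user's key. */
    key = request_key("user", login, NULL, 0);
    if (key < 0)
        return "";

    /* Copy the payload, reserving the last byte for the NUL terminator.
     * keyctl_read() reports the full payload length even when the buffer is
     * too small, so a value beyond what was offered means truncation. */
    len = keyctl_read(key, buffer, sizeof(buffer) - 1);
    if (len < 0 || (size_t) len > sizeof(buffer) - 1) {
        memset(buffer, 0, sizeof(buffer));
        return "";
    }
    return buffer;
}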
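/*
 * Entry point for sm: keep a secret phrase in the session keyring and run a
 * shell command with every occurrence of opts->repl_str replaced by it.
 *
 * Returns the process exit status on the paths that do not exec: 0 for
 * --help/--version/--quit and a successful key-id display, 1 on error. On
 * the normal path the process image is replaced by /bin/sh, so the executed
 * command's exit status becomes ours.
 */
int main(int argc, char *argv[])
{
    int ret = 1;
    char *secret_cmd = NULL;
    char *subprocess_argv[4];
    struct sm_opts *opts = NULL;
    key_serial_t key_id;
    long payload_len;
    char key_payload[KEY_PAYLOAD_MAXLEN];
    char session_name[SESSION_NAME_MAXLEN];

    // sm_opts_parse() fills in defaults for anything not provided
    opts = sm_opts_parse(argc, argv);
    if (opts == NULL) {
        ret = 1;
        goto exit;
    }

    if (opts->flags & (OPT_HELP | OPT_UNRECOGNIZED)) {
        print_usage();
        ret = 0;
        goto exit;
    }

    if (opts->flags & OPT_VERSION) {
        fprintf(stderr, PACKAGE_NAME " " PACKAGE_VERSION "\n");
        ret = 0;
        goto exit;
    }

    // Only one session name is supported for the moment; bound the write
    // instead of trusting SESSION_NAME_MAXLEN to be large enough.
    if (snprintf(session_name, sizeof(session_name), "sm-session-%u", SM_MAGIC)
            >= (int) sizeof(session_name)) {
        fprintf(stderr, "Session name does not fit.\n");
        ret = 1;
        goto exit;
    }

    // Look for a secret already stored in the current session keyring
    key_id = request_key("user", session_name, NULL, KEY_SPEC_SESSION_KEYRING);

    if (opts->flags & OPT_QUIT) {
        if (key_id > 0)
            keyctl_revoke(key_id);
        else
            fprintf(stderr, "No keyring session could be found.\n");
        ret = 0;
        goto exit;
    }

    if (opts->flags & OPT_SHOW_KEYID) {
        if (key_id > 0) {
            printf("%d\n", key_id);
            ret = 0;
        } else {
            fprintf(stderr, "No key is attached to the current session.\n");
            ret = 1;
        }
        goto exit;
    }

    memset(key_payload, 0, sizeof(key_payload));
    if (key_id <= 0) {
        // No secret yet: prompt for one. getpass() may return NULL on error
        // and its result is not bounded, so copy with snprintf and reject a
        // phrase that does not fit rather than overflowing key_payload.
        const char *entered = getpass("Secret: ");
        if (entered == NULL) {
            fprintf(stderr, "Could not read the secret phrase.\n");
            ret = 1;
            goto exit;
        }
        if (snprintf(key_payload, sizeof(key_payload), "%s", entered)
                >= (int) sizeof(key_payload)) {
            fprintf(stderr, "The secret phrase is too long.\n");
            ret = 1;
            goto exit;
        }
        if (key_payload[0] == '\0') {
            fprintf(stderr, "An empty secret phrase is not supported.\n");
            ret = 1;
            goto exit;
        }

        key_id = add_key("user", session_name, key_payload, strlen(key_payload),
                         KEY_SPEC_SESSION_KEYRING);
        if (key_id < 0) {
            fprintf(stderr, "FATAL: Cannot add a passphrase, is CONFIG_KEYS enabled in your kernel?\n");
            ret = 1;
            goto exit;
        }

        // To find the passphrase again on the next run, attach the session
        // keyring to the shell that executed this command. Failure is not
        // fatal for this run, but the secret will be prompted for next time.
        if (keyctl_session_to_parent() < 0)
            fprintf(stderr, "Warning: could not attach the keyring to the parent shell.\n");
    } else {
        // Read the stored passphrase, keeping one byte for the terminator.
        // keyctl_read() returns the full payload size even when the buffer
        // is too small, so a larger value means the copy is truncated.
        payload_len = keyctl_read(key_id, key_payload, sizeof(key_payload) - 1);
        if (payload_len < 0 || (size_t) payload_len > sizeof(key_payload) - 1) {
            fprintf(stderr, "Could not read the secret phrase from the keyring.\n");
            ret = 1;
            goto exit;
        }
    }

    // We have a valid key id here, so refresh its expiry on every use
    keyctl_set_timeout(key_id, (unsigned int) opts->timeout_sec);

    // Replace all occurrences of the placeholder by the secret phrase
    secret_cmd = replace_str(opts->cmd, opts->repl_str, key_payload);
    if (secret_cmd == NULL) {
        fprintf(stderr, "Could not build the command to execute.\n");
        ret = 1;
        goto exit;
    }

    // NOTE(security): the secret becomes part of sh's argv, which other local
    // users can read via /proc/<pid>/cmdline (or ps) for as long as the
    // command runs. Passing it through the environment or stdin would avoid
    // that exposure.
    // Replacing the current image means the executed command's exit code
    // becomes ours.
    subprocess_argv[0] = "sh";
    subprocess_argv[1] = "-c";
    subprocess_argv[2] = secret_cmd;
    subprocess_argv[3] = NULL;
    execvp("/bin/sh", subprocess_argv);

    // Only reached when the exec itself failed
    perror("execvp");
    ret = 1;

exit:
    // Best effort: don't leave the secret in our stack on error paths. A
    // plain memset may be elided by the compiler; use explicit_bzero where
    // available.
    memset(key_payload, 0, sizeof(key_payload));
    if (opts)
        sm_opts_free(opts);
    return ret;
}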