コード例 #1
ファイル: rpmku.c プロジェクト: cmjonze/rpm5_tarballs
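/**
 * Look up a cached public key in the kernel keyring.
 *
 * When the file is built with HAVE_KEYUTILS_H and _kuCache is set, the
 * keyring _kuKeyring is searched for a "user" key whose description is
 * "rpm:gpg:pubkey:" followed by 8 upper-case hex digits formed from the
 * 4 bytes at sigp->signid+4.  In every other case nothing is looked up.
 *
 * NOTE(review): the description carries only 32 bits of the signer id, so a
 * hit identifies a candidate key, not a verified one.  Presumably the caller
 * still checks the returned key against the signature -- confirm.
 *
 * @param sigp	signature parameters; only signid is read here
 * @retval *iobp	set to NULL on entry, and to the key payload on success
 * @return	RPMRC_OK when a payload was read and iobp is non-NULL,
 *		RPMRC_NOTFOUND otherwise
 */
rpmRC rpmkuFindPubkey(pgpDigParams sigp, /*@out@*/ rpmiob * iobp)
{
    /* Give the caller a defined value on every not-found path. */
    if (iobp != NULL)
	*iobp = NULL;

#if defined(HAVE_KEYUTILS_H)
    if (_kuCache) {
/*@observer@*/
	static const char krprefix[] = "rpm:gpg:pubkey:";
	key_serial_t keyring = (key_serial_t) _kuKeyring;
	char krfp[32];
	/* Room for the prefix, 8 hex digits and the terminating NUL. */
	char * krn = (char *) alloca(strlen(krprefix) + sizeof("12345678"));
	long key;
	int need;
	int xx;

	(void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
	krfp[sizeof(krfp)-1] = '\0';
	*krn = '\0';
	(void) stpcpy( stpcpy(krn, krprefix), krfp);

	/* Stop here on a failed search instead of reading from an error value. */
	key = keyctl_search(keyring, "user", krn, 0);
	if (key < 0)
	    return RPMRC_NOTFOUND;

	/* First call only asks for the payload size. */
	need = keyctl_read(key, NULL, 0);
	if (need > 0) {
	    rpmiob iob = rpmiobNew(need);

	    /* NOTE(review): assumes rpmiobNew(n) leaves iob->blen == n -- confirm. */
	    xx = keyctl_read(key, (char *)iob->b, iob->blen);

	    /*
	     * keyctl_read() reports the size it needs when the buffer is too
	     * small.  A result larger than the size just queried means the
	     * payload grew between the two calls and the buffer cannot hold
	     * all of it, so it is rejected rather than used.
	     */
	    if (xx > 0 && xx <= need) {
#ifdef	NOTYET
		pubkeysource = xstrdup(krn);
		_kuCache = 0;	/* XXX don't bother caching. */
#endif
	    } else
		iob = rpmiobFree(iob);

	    if (iob != NULL && iobp != NULL) {
		*iobp = iob;
		return RPMRC_OK;
	    }
	    /* Nowhere to deliver the payload, or the read failed. */
	    iob = rpmiobFree(iob);
	    return RPMRC_NOTFOUND;
	}
	return RPMRC_NOTFOUND;
    }
#endif	/* HAVE_KEYUTILS_H */
    return RPMRC_NOTFOUND;
}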
コード例 #2
ファイル: cl_keys.c プロジェクト: nocl/calculate-3-desktop
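/*
 * Return the payload of the "user" key whose description is `login`.
 *
 * The result is either the empty string "" (lookup or read failed, or the
 * payload does not fit) or a pointer to an internal static buffer holding the
 * payload as a NUL-terminated string.  The caller must not free it.
 *
 * The buffer is static because the function hands back a pointer to it: an
 * automatic array would be gone by the time the caller reads it.  As a
 * consequence the result is only valid until the next call, the function is
 * not safe to call from several threads at once, and the key material stays
 * in process memory until the next call overwrites it.
 */
char* getKey(char *login)
{
    static char buffer[255];
    int key;
    long len;

    /* Drop whatever the previous call left behind. */
    memset(buffer, 0, sizeof(buffer));

    if (login == NULL)
        return "";

    /* Find the serial number of the user's key. */
    key = request_key("user", login, NULL, 0);
    if (key < 0)
        return "";

    /*
     * Read the key's value, keeping the last byte free for the terminator.
     * keyctl_read() returns the size it would need when the buffer is too
     * small; such a payload is refused rather than returned truncated.
     */
    len = keyctl_read(key, buffer, sizeof(buffer) - 1);
    if (len < 0 || (size_t) len > sizeof(buffer) - 1)
    {
        memset(buffer, 0, sizeof(buffer));
        return "";
    }
    return buffer;
}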
コード例 #3
ファイル: main.c プロジェクト: gitter-badger/secret-manager
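/* Overwrite a buffer that held secret material.  The volatile access keeps
 * the compiler from discarding the stores as dead. */
static void
wipe_secret(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * Entry point: keep a secret phrase in a "user" key of the session keyring
 * and run the requested command with the replacement string substituted by
 * that phrase.
 *
 * Returns 0 for the help, version, quit and show-keyid (key present) paths,
 * 1 on any failure.  On the normal path the process image is replaced by
 * /bin/sh, so the exit status is that of the executed command.
 */
int
main(int argc, char *argv[])
{
	int ret = 1;
	int n;
	long payload_len;
	char *typed = NULL;
	char *secret_cmd = NULL;
	char *subprocess_argv[4];

	struct sm_opts *opts = NULL;

	key_serial_t key_id;
	char key_payload[KEY_PAYLOAD_MAXLEN];
	char session_name[SESSION_NAME_MAXLEN];

	// parse_opts gives us default values if not provided
	opts = sm_opts_parse(argc, argv);
	if (opts == NULL) {
		ret = 1;
		goto exit;
	}

	if (opts->flags & OPT_HELP || opts->flags & OPT_UNRECOGNIZED) {
		print_usage();
		ret = 0;
		goto exit;
	}

	if (opts->flags & OPT_VERSION) {
		fprintf(stderr, PACKAGE_NAME " " PACKAGE_VERSION "\n");
		ret = 0;
		goto exit;
	}

	// We deal with only one session name for the moment.
	// Bounded write: the name can never run past session_name.
	snprintf(session_name, sizeof(session_name), "sm-session-%u", SM_MAGIC);

	// Start to request a key in the current session if present
	key_id = request_key("user", session_name, NULL, KEY_SPEC_SESSION_KEYRING);

	if (opts->flags & OPT_QUIT ) {
		if (key_id > 0)
			keyctl_revoke(key_id);
		else
			fprintf(stderr, "No keyring session could be found.\n");
		ret = 0;
		goto exit;
	}

	if (opts->flags & OPT_SHOW_KEYID) {
		if (key_id > 0) {
			printf("%d\n", key_id);
			ret = 0;
			goto exit;
		} else {
			fprintf(stderr, "No key is attached to the current session.\n");
			ret = 1;
			goto exit;
		}
	}

	if (key_id <= 0) {
		// Ask the user to enter his secret phrase and store it in the keyring
		memset(key_payload, 0, sizeof(key_payload));
		typed = getpass("Secret: ");
		if (typed == NULL) {
			fprintf(stderr, "Cannot read the secret phrase.\n");
			ret = 1;
			goto exit;
		}
		// Bounded copy: a phrase longer than the buffer is refused instead
		// of being written past the end of key_payload
		n = snprintf(key_payload, sizeof(key_payload), "%s", typed);
		// getpass() hands back its own static buffer; clear that copy
		wipe_secret(typed, strlen(typed));
		if (n < 0 || (size_t) n >= sizeof(key_payload)) {
			fprintf(stderr, "The secret phrase is too long.\n");
			ret = 1;
			goto exit;
		}
		if (strlen(key_payload) == 0) {
			fprintf(stderr, "An empty secret phrase is not supported.\n");
			ret = 1;
			goto exit;
		}
		key_id = add_key("user", session_name, key_payload,
				strlen(key_payload), KEY_SPEC_SESSION_KEYRING);
		if (key_id < 0) {
			fprintf(stderr, "FATAL: Cannot add a passphrase, is CONFIG_KEYS enabled in your kernel?\n");
			ret = 1;
			goto exit;
		}
		// To be able to find again the passphrase in the next execution of sm,
		// we have to attach the current keyring session to the shell
		// interpreter which executed this cmd
		if (keyctl_session_to_parent() < 0)
			fprintf(stderr, "Warning: cannot attach the keyring session to the parent process.\n");
	} else {
		// Read the passphrase.  One byte is held back so the zero-filled
		// buffer always ends in a NUL; keyctl_read() returns the size it
		// needs when the payload does not fit, which is treated as failure.
		memset(key_payload, 0, sizeof(key_payload));
		payload_len = keyctl_read(key_id, key_payload, sizeof(key_payload) - 1);
		if (payload_len < 0) {
			ret = 1;
			goto exit;
		}
		if ((size_t) payload_len > sizeof(key_payload) - 1) {
			fprintf(stderr, "The stored secret phrase is too long.\n");
			ret = 1;
			goto exit;
		}
	}

	// We should have here a valid key id, so trigger the timeout again.
	// The timeout is what makes the stored phrase expire, so a failure is
	// reported instead of being ignored.
	if (keyctl_set_timeout(key_id, (unsigned int) opts->timeout_sec) < 0)
		fprintf(stderr, "Warning: cannot set the expiry of the stored secret phrase.\n");

	// Replace all {} occurrences by the secret phrase
	secret_cmd = replace_str(opts->cmd, opts->repl_str, key_payload);

	// Execute the secret cmd
	if (secret_cmd) {
		// NOTE(review): the phrase is spliced into a shell command line.
		// Shell metacharacters in it are interpreted by sh, and the expanded
		// command sits in the argument list of the new process, which other
		// local users can usually read while it runs.  Handing the phrase
		// over on a pipe or file descriptor would avoid both.
		//
		// Replacing the current executable image will at least return the exit
		// code of the executed command
		subprocess_argv[0] = "sh";
		subprocess_argv[1] = "-c";
		subprocess_argv[2] = secret_cmd;
		subprocess_argv[3] = NULL;
		execvp("/bin/sh", subprocess_argv);

		// Only reached when the exec failed: report it and fall through to
		// the cleanup below instead of relying on assert(), which compiles
		// to nothing under NDEBUG
		perror("execvp");
		wipe_secret(secret_cmd, strlen(secret_cmd));
		ret = 1;
	}

exit:
	// Do not leave the phrase behind on the stack
	wipe_secret(key_payload, sizeof(key_payload));

	if (opts)
		sm_opts_free(opts);

	return ret;
}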