diff --git a/.cirrus.yml b/.cirrus.yml index 1417c48..b610713 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -19,7 +19,7 @@ rustfmt_task: linux_task: matrix: - container: - image: rust:1.32.0 + image: rust:1.34.0 - container: image: rust:latest - allow_failures: true diff --git a/Cargo.toml b/Cargo.toml index b245e85..d914965 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,12 +11,12 @@ readme = "README.md" edition = "2018" [workspace] -members = ["libkeyutils-sys"] +members = ["keyutils-raw"] [dependencies] bitflags = "1.0.4" errno = "0.2" -libkeyutils-sys = { path = "libkeyutils-sys" } +keyutils-raw = { path = "keyutils-raw" } log = "0.4.4" libc = "0.2" diff --git a/libkeyutils-sys/Cargo.toml b/keyutils-raw/Cargo.toml similarity index 75% rename from libkeyutils-sys/Cargo.toml rename to keyutils-raw/Cargo.toml index 16730c4..7efbfd1 100644 --- a/libkeyutils-sys/Cargo.toml +++ b/keyutils-raw/Cargo.toml @@ -1,9 +1,9 @@ [package] -name = "libkeyutils-sys" -version = "0.3.1" +name = "keyutils-raw" +version = "0.4.0" authors = ["Ben Boeckel "] license = "BSD-3-Clause" -description = "FFI bindings to libkeyutils." +description = "Raw bindings to Linux keyring syscalls" repository = "https://github.com/mathstuf/rust-keyutils.git" homepage = "https://github.com/mathstuf/rust-keyutils" keywords = ["keyutils"] diff --git a/libkeyutils-sys/build.rs b/keyutils-raw/build.rs similarity index 100% rename from libkeyutils-sys/build.rs rename to keyutils-raw/build.rs diff --git a/keyutils-raw/src/constants.rs b/keyutils-raw/src/constants.rs new file mode 100644 index 0000000..65bb490 --- /dev/null +++ b/keyutils-raw/src/constants.rs @@ -0,0 +1,76 @@ +// Copyright (c) 2018, Ben Boeckel +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, +// are permitted provided that the following conditions are met: +// +// * Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// * Neither the name of this project nor the names of its contributors +// may be used to endorse or promote products derived from this software +// without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Ignore rustfmt changes in here. The horizontal alignment is too useful to give up. +#![cfg_attr(rustfmt, rustfmt_skip)] + +use crate::{KeyPermissions, KeyringSerial}; + +// TODO: change these to &CStr when const fns get unblocked. +pub const KEY_TYPE_KEYRING: &str = "keyring"; +pub const KEY_TYPE_USER: &str = "user"; +pub const KEY_TYPE_LOGON: &str = "logon"; +pub const KEY_TYPE_BIG_KEY: &str = "big_key"; + +pub const KEY_SPEC_THREAD_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-1) }; +pub const KEY_SPEC_PROCESS_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-2) }; +pub const KEY_SPEC_SESSION_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-3) }; +pub const KEY_SPEC_USER_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-4) }; +pub const KEY_SPEC_USER_SESSION_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-5) }; +pub const KEY_SPEC_GROUP_KEYRING: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-6) }; +pub const KEY_SPEC_REQKEY_AUTH_KEY: KeyringSerial = unsafe { KeyringSerial::new_unchecked(-7) }; + +pub const KEY_POS_VIEW: KeyPermissions = 0x0100_0000; /* possessor can view a key's attributes */ +pub const KEY_POS_READ: KeyPermissions = 0x0200_0000; /* possessor can read key payload / view keyring */ +pub const KEY_POS_WRITE: KeyPermissions = 0x0400_0000; /* possessor can update key payload / add link to keyring */ +pub const KEY_POS_SEARCH: KeyPermissions = 0x0800_0000; /* possessor can find a key in search / search a keyring */ +pub const KEY_POS_LINK: KeyPermissions = 0x1000_0000; /* possessor can create a link to a key/keyring */ +pub const KEY_POS_SETATTR: KeyPermissions = 0x2000_0000; /* possessor can set key attributes */ +pub const KEY_POS_ALL: KeyPermissions = 0x3f00_0000; + +pub const KEY_USR_VIEW: KeyPermissions = 0x0001_0000; /* user permissions... */ +pub const KEY_USR_READ: KeyPermissions = 0x0002_0000; +pub const KEY_USR_WRITE: KeyPermissions = 0x0004_0000; +pub const KEY_USR_SEARCH: KeyPermissions = 0x0008_0000; +pub const KEY_USR_LINK: KeyPermissions = 0x0010_0000; +pub const KEY_USR_SETATTR: KeyPermissions = 0x0020_0000; +pub const KEY_USR_ALL: KeyPermissions = 0x003f_0000; + +pub const KEY_GRP_VIEW: KeyPermissions = 0x0000_0100; /* group permissions... */ +pub const KEY_GRP_READ: KeyPermissions = 0x0000_0200; +pub const KEY_GRP_WRITE: KeyPermissions = 0x0000_0400; +pub const KEY_GRP_SEARCH: KeyPermissions = 0x0000_0800; +pub const KEY_GRP_LINK: KeyPermissions = 0x0000_1000; +pub const KEY_GRP_SETATTR: KeyPermissions = 0x0000_2000; +pub const KEY_GRP_ALL: KeyPermissions = 0x0000_3f00; + +pub const KEY_OTH_VIEW: KeyPermissions = 0x0000_0001; /* third party permissions... */ +pub const KEY_OTH_READ: KeyPermissions = 0x0000_0002; +pub const KEY_OTH_WRITE: KeyPermissions = 0x0000_0004; +pub const KEY_OTH_SEARCH: KeyPermissions = 0x0000_0008; +pub const KEY_OTH_LINK: KeyPermissions = 0x0000_0010; +pub const KEY_OTH_SETATTR: KeyPermissions = 0x0000_0020; +pub const KEY_OTH_ALL: KeyPermissions = 0x0000_003f; diff --git a/libkeyutils-sys/src/functions.rs b/keyutils-raw/src/functions.rs similarity index 73% rename from libkeyutils-sys/src/functions.rs rename to keyutils-raw/src/functions.rs index 6376aa5..2a29a29 100644 --- a/libkeyutils-sys/src/functions.rs +++ b/keyutils-raw/src/functions.rs @@ -24,7 +24,10 @@ // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -use crate::types::{key_perm_t, key_serial_t}; +use crate::{KeyPermissions, KeyringSerial, TimeoutSeconds}; + +// Remove when rust-lang/rust#60300 is in stable +#[allow(improper_ctypes)] #[rustfmt::skip] extern "C" { @@ -33,111 +36,111 @@ extern "C" { description: *const libc::c_char, payload: *const libc::c_void, plen: libc::size_t, - keyring: key_serial_t) - -> key_serial_t; + keyring: KeyringSerial) + -> KeyringSerial; pub fn request_key( type_: *const libc::c_char, description: *const libc::c_char, callout_info: *const libc::c_char, - keyring: key_serial_t) - -> key_serial_t; + keyring: Option) + -> KeyringSerial; pub fn keyctl_get_keyring_ID( - id: key_serial_t, + id: KeyringSerial, create: libc::c_int) - -> key_serial_t; + -> KeyringSerial; pub fn keyctl_join_session_keyring( name: *const libc::c_char) - -> key_serial_t; + -> KeyringSerial; pub fn keyctl_update( - id: key_serial_t, + id: KeyringSerial, payload: *const libc::c_void, plen: libc::size_t) -> libc::c_long; pub fn keyctl_revoke( - id: key_serial_t) + id: KeyringSerial) -> libc::c_long; pub fn keyctl_chown( - id: key_serial_t, + id: KeyringSerial, uid: libc::uid_t, gid: libc::gid_t) -> libc::c_long; pub fn keyctl_setperm( - id: key_serial_t, - perm: key_perm_t) + id: KeyringSerial, + perm: KeyPermissions) -> libc::c_long; pub fn keyctl_describe( - id: key_serial_t, + id: KeyringSerial, buffer: *mut libc::c_char, buflen: libc::size_t) -> libc::c_long; pub fn keyctl_clear( - ringid: key_serial_t) + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_link( - id: key_serial_t, - ringid: key_serial_t) + id: KeyringSerial, + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_unlink( - id: key_serial_t, - ringid: key_serial_t) + id: KeyringSerial, + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_search( - ringid: key_serial_t, + ringid: KeyringSerial, type_: *const libc::c_char, description: *const libc::c_char, - destringid: key_serial_t) + destringid: KeyringSerial) -> libc::c_long; pub fn keyctl_read( - id: key_serial_t, + id: KeyringSerial, buffer: *mut libc::c_char, buflen: libc::size_t) -> libc::c_long; pub fn keyctl_instantiate( - id: key_serial_t, + id: KeyringSerial, payload: *const libc::c_void, plen: libc::size_t, - ringid: key_serial_t) + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_negate( - id: key_serial_t, - timeout: libc::c_uint, - ringid: key_serial_t) + id: KeyringSerial, + timeout: TimeoutSeconds, + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_set_reqkey_keyring( reqkey_defl: libc::c_int) -> libc::c_long; pub fn keyctl_set_timeout( - key: key_serial_t, - timeout: libc::c_uint) + key: KeyringSerial, + timeout: TimeoutSeconds) -> libc::c_long; pub fn keyctl_assume_authority( - key: key_serial_t) + key: Option) -> libc::c_long; pub fn keyctl_get_security( - key: key_serial_t, + key: KeyringSerial, buffer: *mut libc::c_char, buflen: libc::size_t) -> libc::c_long; //pub fn keyctl_session_to_parent() // -> libc::c_long; pub fn keyctl_reject( - id: key_serial_t, - timeout: libc::c_uint, + id: KeyringSerial, + timeout: TimeoutSeconds, error: libc::c_uint, - ringid: key_serial_t) + ringid: KeyringSerial) -> libc::c_long; pub fn keyctl_invalidate( - id: key_serial_t) + id: KeyringSerial) -> libc::c_long; pub fn keyctl_get_persistent( uid: libc::uid_t, - id: key_serial_t) + id: KeyringSerial) -> libc::c_long; pub fn keyctl_dh_compute( - private: key_serial_t, - prime: key_serial_t, - base: key_serial_t, + private: KeyringSerial, + prime: KeyringSerial, + base: KeyringSerial, buffer: *mut libc::c_char, buflen: libc::size_t) -> libc::c_long; diff --git a/libkeyutils-sys/src/lib.rs b/keyutils-raw/src/lib.rs similarity index 100% rename from libkeyutils-sys/src/lib.rs rename to keyutils-raw/src/lib.rs diff --git a/keyutils-raw/src/types.rs b/keyutils-raw/src/types.rs new file mode 100644 index 0000000..bda3222 --- /dev/null +++ b/keyutils-raw/src/types.rs @@ -0,0 +1,93 @@ +// Copyright (c) 2018, Ben Boeckel +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, +// are permitted provided that the following conditions are met: +// +// * Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// * Neither the name of this project nor the names of its contributors +// may be used to endorse or promote products derived from this software +// without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +use std::convert::TryFrom; +use std::num::NonZeroI32; + +/// Alias for the key_serial_t kernel type, representing a keyring (or key). +pub type KeyringSerial = NonZeroI32; + +/// Alias for the key_perm_t kernel type, representing a keyring's (or key's) +/// permission bits. +/// +/// See `Permission`. +pub type KeyPermissions = u32; + +pub type TimeoutSeconds = libc::c_uint; + +/// An enumeration for the keyrings which may be set as the default. +/// +/// Keys which are implicitly required via syscalls and other operations are +/// placed in the default keyring. +#[derive(Debug, PartialEq, Eq)] +pub enum DefaultKeyring { + /// Do not change the default keyring. + /// + /// This may be used to get the current default keyring. + NoChange = -1, + /// Set the thread-specific keyring as the default. + ThreadKeyring = 1, + /// Set the process-specific keyring as the default. + ProcessKeyring = 2, + /// Set the session-specific keyring as the default. + SessionKeyring = 3, + /// Set the user-specific keyring as the default. + UserKeyring = 4, + /// Set the user session-specific keyring as the default. + UserSessionKeyring = 5, + /// Set the user session-specific keyring as the default. + GroupKeyring = 6, + /// Set the default keyring to the default logic. + /// + /// Keys will be placed in the first available keyring of: + /// + /// - thread-specific + /// - process-specific + /// - session-specific + /// - user-specific + DefaultKeyring = 0, +} + +#[derive(Debug, PartialEq, Eq)] +pub struct UnknownDefault(libc::c_long); + +impl TryFrom for DefaultKeyring { + type Error = UnknownDefault; + fn try_from(id: libc::c_long) -> Result { + use self::DefaultKeyring::*; + match id { + x if x == NoChange as libc::c_long => Ok(NoChange), + x if x == ThreadKeyring as libc::c_long => Ok(ThreadKeyring), + x if x == ProcessKeyring as libc::c_long => Ok(ProcessKeyring), + x if x == SessionKeyring as libc::c_long => Ok(SessionKeyring), + x if x == UserKeyring as libc::c_long => Ok(UserKeyring), + x if x == UserSessionKeyring as libc::c_long => Ok(UserSessionKeyring), + x if x == GroupKeyring as libc::c_long => Ok(GroupKeyring), + x if x == DefaultKeyring as libc::c_long => Ok(DefaultKeyring), + x => Err(UnknownDefault(x)), + } + } +} diff --git a/libkeyutils-sys/src/constants.rs b/libkeyutils-sys/src/constants.rs deleted file mode 100644 index 908d00b..0000000 --- a/libkeyutils-sys/src/constants.rs +++ /dev/null @@ -1,82 +0,0 @@ -// Copyright (c) 2018, Ben Boeckel -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, -// are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// * Neither the name of this project nor the names of its contributors -// may be used to endorse or promote products derived from this software -// without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR -// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -// Ignore rustfmt changes in here. The horizontal alignment is too useful to give up. -#![cfg_attr(rustfmt, rustfmt_skip)] - -use crate::types::{key_perm_t, key_serial_t}; - -pub const KEY_TYPE_USER: &str = "user"; -pub const KEY_TYPE_LOGON: &str = "logon"; - -pub const KEY_SPEC_THREAD_KEYRING: key_serial_t = -1; -pub const KEY_SPEC_PROCESS_KEYRING: key_serial_t = -2; -pub const KEY_SPEC_SESSION_KEYRING: key_serial_t = -3; -pub const KEY_SPEC_USER_KEYRING: key_serial_t = -4; -pub const KEY_SPEC_USER_SESSION_KEYRING: key_serial_t = -5; -pub const KEY_SPEC_GROUP_KEYRING: key_serial_t = -6; -pub const KEY_SPEC_REQKEY_AUTH_KEY: key_serial_t = -7; - -pub const KEY_REQKEY_DEFL_NO_CHANGE: key_serial_t = -1; -pub const KEY_REQKEY_DEFL_DEFAULT: key_serial_t = 0; -pub const KEY_REQKEY_DEFL_THREAD_KEYRING: key_serial_t = 1; -pub const KEY_REQKEY_DEFL_PROCESS_KEYRING: key_serial_t = 2; -pub const KEY_REQKEY_DEFL_SESSION_KEYRING: key_serial_t = 3; -pub const KEY_REQKEY_DEFL_USER_KEYRING: key_serial_t = 4; -pub const KEY_REQKEY_DEFL_USER_SESSION_KEYRING: key_serial_t = 5; -pub const KEY_REQKEY_DEFL_GROUP_KEYRING: key_serial_t = 6; - -pub const KEY_POS_VIEW: key_perm_t = 0x0100_0000; /* possessor can view a key's attributes */ -pub const KEY_POS_READ: key_perm_t = 0x0200_0000; /* possessor can read key payload / view keyring */ -pub const KEY_POS_WRITE: key_perm_t = 0x0400_0000; /* possessor can update key payload / add link to keyring */ -pub const KEY_POS_SEARCH: key_perm_t = 0x0800_0000; /* possessor can find a key in search / search a keyring */ -pub const KEY_POS_LINK: key_perm_t = 0x1000_0000; /* possessor can create a link to a key/keyring */ -pub const KEY_POS_SETATTR: key_perm_t = 0x2000_0000; /* possessor can set key attributes */ -pub const KEY_POS_ALL: key_perm_t = 0x3f00_0000; - -pub const KEY_USR_VIEW: key_perm_t = 0x0001_0000; /* user permissions... */ -pub const KEY_USR_READ: key_perm_t = 0x0002_0000; -pub const KEY_USR_WRITE: key_perm_t = 0x0004_0000; -pub const KEY_USR_SEARCH: key_perm_t = 0x0008_0000; -pub const KEY_USR_LINK: key_perm_t = 0x0010_0000; -pub const KEY_USR_SETATTR: key_perm_t = 0x0020_0000; -pub const KEY_USR_ALL: key_perm_t = 0x003f_0000; - -pub const KEY_GRP_VIEW: key_perm_t = 0x0000_0100; /* group permissions... */ -pub const KEY_GRP_READ: key_perm_t = 0x0000_0200; -pub const KEY_GRP_WRITE: key_perm_t = 0x0000_0400; -pub const KEY_GRP_SEARCH: key_perm_t = 0x0000_0800; -pub const KEY_GRP_LINK: key_perm_t = 0x0000_1000; -pub const KEY_GRP_SETATTR: key_perm_t = 0x0000_2000; -pub const KEY_GRP_ALL: key_perm_t = 0x0000_3f00; - -pub const KEY_OTH_VIEW: key_perm_t = 0x0000_0001; /* third party permissions... */ -pub const KEY_OTH_READ: key_perm_t = 0x0000_0002; -pub const KEY_OTH_WRITE: key_perm_t = 0x0000_0004; -pub const KEY_OTH_SEARCH: key_perm_t = 0x0000_0008; -pub const KEY_OTH_LINK: key_perm_t = 0x0000_0010; -pub const KEY_OTH_SETATTR: key_perm_t = 0x0000_0020; -pub const KEY_OTH_ALL: key_perm_t = 0x0000_003f; diff --git a/libkeyutils-sys/src/types.rs b/libkeyutils-sys/src/types.rs deleted file mode 100644 index 4c82fcb..0000000 --- a/libkeyutils-sys/src/types.rs +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) 2018, Ben Boeckel -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, -// are permitted provided that the following conditions are met: -// -// * Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// * Neither the name of this project nor the names of its contributors -// may be used to endorse or promote products derived from this software -// without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR -// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#![allow(non_camel_case_types)] - -pub type key_serial_t = i32; -pub type key_perm_t = u32; diff --git a/src/api.rs b/src/api.rs index fee513a..51548de 100644 --- a/src/api.rs +++ b/src/api.rs @@ -25,6 +25,7 @@ // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. use std::borrow::Borrow; +use std::convert::TryInto; use std::ffi::CString; use std::mem; use std::ptr; @@ -32,10 +33,10 @@ use std::result; use std::str; use std::time::Duration; -use libkeyutils_sys::*; +use keyutils_raw::*; use log::error; -use crate::constants::{DefaultKeyring, KeyPermissions, KeyringSerial, Permission, SpecialKeyring}; +use crate::constants::{Permission, SpecialKeyring}; use crate::keytype::*; use crate::keytypes; @@ -44,28 +45,38 @@ pub type Error = errno::Errno; /// Simpler `Result` type with the error already set. pub type Result = result::Result; -fn check_call(res: libc::c_long, value: T) -> Result { - if res == -1 { - Err(errno::errno()) - } else { - Ok(value) +fn check_call(res: libc::c_long) -> Result<()> { + match res { + -1 => Err(errno::errno()), + _ => Ok(()), } } -fn check_call_ret(res: libc::c_long) -> Result { - if res == -1 { - Err(errno::errno()) - } else { - Ok(res) - } +fn check_call_key(res: KeyringSerial) -> Result { + check_call(res.get().into())?; + Ok(Key::new_impl(res)) } -fn check_call_ret_serial(res: KeyringSerial) -> Result { - if res == -1 { - Err(errno::errno()) - } else { - Ok(res) - } +fn check_call_keyring(res: KeyringSerial) -> Result { + check_call(res.get().into())?; + Ok(Keyring::new_impl(res)) +} + +fn into_serial(res: libc::c_long) -> KeyringSerial { + KeyringSerial::new(res as i32).unwrap() +} + +fn request_impl( + description: &str, + info: Option<&str>, + id: Option, +) -> KeyringSerial { + let type_cstr = CString::new(K::name()).unwrap(); + let desc_cstr = CString::new(description).unwrap(); + let info_cstr = info.map(|i| CString::new(i).unwrap()); + + let info_ptr = info_cstr.map_or(ptr::null(), |cs| cs.as_ptr()); + unsafe { request_key(type_cstr.as_ptr(), desc_cstr.as_ptr(), info_ptr, id) } } /// Representation of a kernel keyring. @@ -99,8 +110,9 @@ impl Keyring { /// If the kernel returns a keyring value which the library does not understand, the conversion /// from the return value into a `DefaultKeyring` will panic. pub fn set_default(keyring: DefaultKeyring) -> Result { - let ret = check_call_ret(unsafe { keyctl_set_reqkey_keyring(keyring.serial()) })?; - Ok(DefaultKeyring::from(ret as i32)) + let ret = unsafe { keyctl_set_reqkey_keyring(keyring as libc::c_int) }; + check_call(ret)?; + Ok(ret.try_into().unwrap()) } /// Requests a keyring with the given description by searching the thread, process, and session @@ -109,7 +121,11 @@ impl Keyring { where D: AsRef, { - Keyring::new_impl(0).request_keyring(description.as_ref()) + check_call_keyring(request_impl::( + description.as_ref(), + None, + None, + )) } /// Requests a keyring with the given description by searching the thread, process, and session @@ -122,12 +138,15 @@ impl Keyring { D: Borrow<::Description>, I: AsRef, { - Keyring::new_impl(0).request_keyring_with_fallback(description, info) + check_call_keyring(request_impl::( + &description.borrow().description(), + Some(info.as_ref()), + None, + )) } fn get_keyring(id: SpecialKeyring, create: bool) -> Result { - let res = unsafe { keyctl_get_keyring_ID(id.serial(), create as libc::c_int) }; - check_call(i64::from(res), Keyring::new_impl(res)) + check_call_keyring(unsafe { keyctl_get_keyring_ID(id.serial(), create.into()) }) } /// Attach to a special keyring. Fails if the keyring does not already exist. @@ -142,8 +161,7 @@ impl Keyring { /// Create a new anonymous keyring and set it as the session keyring. pub fn join_anonymous_session() -> Result { - let res = unsafe { keyctl_join_session_keyring(ptr::null()) }; - check_call(i64::from(res), Keyring::new_impl(res)) + check_call_keyring(unsafe { keyctl_join_session_keyring(ptr::null()) }) } /// Attached to a named session keyring. @@ -155,15 +173,14 @@ impl Keyring { N: AsRef, { let name_cstr = CString::new(name.as_ref()).unwrap(); - let res = unsafe { keyctl_join_session_keyring(name_cstr.as_ptr()) }; - check_call(i64::from(res), Keyring::new_impl(res)) + check_call_keyring(unsafe { keyctl_join_session_keyring(name_cstr.as_ptr()) }) } /// Clears the contents of the keyring. /// /// Requires `write` permission on the keyring. pub fn clear(&mut self) -> Result<()> { - check_call(unsafe { keyctl_clear(self.id) }, ()) + check_call(unsafe { keyctl_clear(self.id) }) } /// Adds a link to `key` to the keyring. @@ -171,14 +188,14 @@ impl Keyring { /// Any link to an existing key with the same description is removed. Requires `write` /// permission on the keyring and `link` permission on the key. pub fn link_key(&mut self, key: &Key) -> Result<()> { - check_call(unsafe { keyctl_link(key.id, self.id) }, ()) + check_call(unsafe { keyctl_link(key.id, self.id) }) } /// Removes the link to `key` from the keyring. /// /// Requires `write` permission on the keyring. pub fn unlink_key(&mut self, key: &Key) -> Result<()> { - check_call(unsafe { keyctl_unlink(key.id, self.id) }, ()) + check_call(unsafe { keyctl_unlink(key.id, self.id) }) } /// Adds a link to `keyring` to the keyring. @@ -186,23 +203,23 @@ impl Keyring { /// Any link to an existing keyring with the same description is removed. Requires `write` /// permission on the current keyring and `link` permission on the linked keyring. pub fn link_keyring(&mut self, keyring: &Keyring) -> Result<()> { - check_call(unsafe { keyctl_link(keyring.id, self.id) }, ()) + check_call(unsafe { keyctl_link(keyring.id, self.id) }) } /// Removes the link to `keyring` from the keyring. /// /// Requires `write` permission on the keyring. pub fn unlink_keyring(&mut self, keyring: &Keyring) -> Result<()> { - check_call(unsafe { keyctl_unlink(keyring.id, self.id) }, ()) + check_call(unsafe { keyctl_unlink(keyring.id, self.id) }) } - fn search_impl(&self, description: &str) -> Result + fn search_impl(&self, description: &str) -> KeyringSerial where K: KeyType, { let type_cstr = CString::new(K::name()).unwrap(); let desc_cstr = CString::new(description).unwrap(); - check_call_ret(unsafe { + into_serial(unsafe { keyctl_search(self.id, type_cstr.as_ptr(), desc_cstr.as_ptr(), self.id) }) } @@ -217,8 +234,7 @@ impl Keyring { K: KeyType, D: Borrow, { - let res = self.search_impl::(&description.borrow().description())?; - check_call(res, Key::new_impl(res as key_serial_t)) + check_call_key(self.search_impl::(&description.borrow().description())) } /// Recursively search the keyring for a keyring with the matching description. @@ -231,24 +247,26 @@ impl Keyring { where D: Borrow<::Description>, { - let res = self.search_impl::(&description.borrow().description())?; - check_call(res, Keyring::new_impl(res as key_serial_t)) + check_call_keyring( + self.search_impl::(&description.borrow().description()), + ) } /// Return all immediate children of the keyring. /// /// Requires `read` permission on the keyring. pub fn read(&self) -> Result<(Vec, Vec)> { - let sz = check_call_ret(unsafe { keyctl_read(self.id, ptr::null_mut(), 0) })?; - let mut buffer = - Vec::::with_capacity((sz as usize) / mem::size_of::()); - let actual_sz = check_call_ret(unsafe { + let sz = unsafe { keyctl_read(self.id, ptr::null_mut(), 0) }; + check_call(sz)?; + let mut buffer = Vec::with_capacity((sz as usize) / mem::size_of::()); + let actual_sz = unsafe { keyctl_read( self.id, buffer.as_mut_ptr() as *mut libc::c_char, sz as usize, ) - })?; + }; + check_call(actual_sz)?; unsafe { buffer.set_len((actual_sz as usize) / mem::size_of::()) }; let mut keys = Vec::new(); @@ -276,8 +294,7 @@ impl Keyring { /// /// If one does not exist, it will be created. Requires `write` permission on the keyring. pub fn attach_persistent(&mut self) -> Result { - let res = unsafe { keyctl_get_persistent(!0, self.id) }; - check_call(res, Keyring::new_impl(res as key_serial_t)) + check_call_keyring(into_serial(unsafe { keyctl_get_persistent(!0, self.id) })) } /// Adds a key of a specific type to the keyring. @@ -290,18 +307,22 @@ impl Keyring { D: Borrow, P: Borrow, { - self.add_key_impl::(description.borrow(), payload.borrow()) + check_call_key(self.add_key_impl::(description.borrow(), payload.borrow())) } /// Monomorphization of adding a key. - fn add_key_impl(&mut self, description: &K::Description, payload: &K::Payload) -> Result + fn add_key_impl( + &mut self, + description: &K::Description, + payload: &K::Payload, + ) -> KeyringSerial where K: KeyType, { let type_cstr = CString::new(K::name()).unwrap(); let desc_cstr = CString::new(description.description().as_bytes()).unwrap(); let payload = payload.payload(); - let res = unsafe { + unsafe { add_key( type_cstr.as_ptr(), desc_cstr.as_ptr(), @@ -309,8 +330,7 @@ impl Keyring { payload.len(), self.id, ) - }; - check_call(i64::from(res), Key::new_impl(res)) + } } /// Adds a keyring to the current keyring. @@ -321,19 +341,7 @@ impl Keyring { where D: Borrow<::Description>, { - let key = self.add_key::(description, ())?; - Ok(Keyring::new_impl(key.id)) - } - - fn request_impl(&self, description: &str) -> Result - where - K: KeyType, - { - let type_cstr = CString::new(K::name()).unwrap(); - let desc_cstr = CString::new(description).unwrap(); - check_call_ret_serial(unsafe { - request_key(type_cstr.as_ptr(), desc_cstr.as_ptr(), ptr::null(), self.id) - }) + check_call_keyring(self.add_key_impl::(description.borrow(), &())) } /// Requests a key with the given description by searching the thread, process, and session @@ -345,8 +353,11 @@ impl Keyring { K: KeyType, D: Borrow, { - let res = self.request_impl::(&description.borrow().description())?; - check_call(i64::from(res), Key::new_impl(res)) + check_call_key(request_impl::( + &description.borrow().description(), + None, + Some(self.id), + )) } /// Requests a keyring with the given description by searching the thread, process, and session @@ -357,25 +368,11 @@ impl Keyring { where D: Borrow<::Description>, { - let res = self.request_impl::(&description.borrow().description())?; - check_call(i64::from(res), Keyring::new_impl(res)) - } - - fn request_fallback_impl(&self, description: &str, info: &str) -> Result - where - K: KeyType, - { - let type_cstr = CString::new(K::name()).unwrap(); - let desc_cstr = CString::new(description).unwrap(); - let info_cstr = CString::new(info).unwrap(); - check_call_ret_serial(unsafe { - request_key( - type_cstr.as_ptr(), - desc_cstr.as_ptr(), - info_cstr.as_ptr(), - self.id, - ) - }) + check_call_keyring(request_impl::( + &description.borrow().description(), + None, + Some(self.id), + )) } /// Requests a key with the given description by searching the thread, process, and session @@ -390,9 +387,11 @@ impl Keyring { D: Borrow, I: AsRef, { - let res = - self.request_fallback_impl::(&description.borrow().description(), info.as_ref())?; - check_call(i64::from(res), Key::new_impl(res)) + check_call_key(request_impl::( + &description.borrow().description(), + Some(info.as_ref()), + Some(self.id), + )) } /// Requests a keyring with the given description by searching the thread, process, and session @@ -406,18 +405,18 @@ impl Keyring { D: Borrow<::Description>, I: AsRef, { - let res = self.request_fallback_impl::( + check_call_keyring(request_impl::( &description.borrow().description(), - info.as_ref(), - )?; - check_call(i64::from(res), Keyring::new_impl(res)) + Some(info.as_ref()), + Some(self.id), + )) } /// Revokes the keyring. /// /// Requires `write` permission on the keyring. pub fn revoke(self) -> Result<()> { - check_call(unsafe { keyctl_revoke(self.id) }, ()) + check_call(unsafe { keyctl_revoke(self.id) }) } /// Change the user which owns the keyring. @@ -425,7 +424,7 @@ impl Keyring { /// Requires the `setattr` permission on the keyring and the SysAdmin capability to change it /// to anything other than the current user. pub fn chown(&mut self, uid: libc::uid_t) -> Result<()> { - check_call(unsafe { keyctl_chown(self.id, uid, !0) }, ()) + check_call(unsafe { keyctl_chown(self.id, uid, !0) }) } /// Change the group which owns the keyring. @@ -433,7 +432,7 @@ impl Keyring { /// Requires the `setattr` permission on the keyring and the SysAdmin capability to change it /// to anything other than a group of which the current user is a member. pub fn chgrp(&mut self, gid: libc::gid_t) -> Result<()> { - check_call(unsafe { keyctl_chown(self.id, !0, gid) }, ()) + check_call(unsafe { keyctl_chown(self.id, !0, gid) }) } /// Set the permissions on the keyring. @@ -441,19 +440,21 @@ impl Keyring { /// Requires the `setattr` permission on the keyring and the SysAdmin capability if the current /// user does not own the keyring. pub fn set_permissions(&mut self, perms: Permission) -> Result<()> { - check_call(unsafe { keyctl_setperm(self.id, perms.bits()) }, ()) + check_call(unsafe { keyctl_setperm(self.id, perms.bits()) }) } fn description_raw(&self) -> Result { - let sz = check_call_ret(unsafe { keyctl_describe(self.id, ptr::null_mut(), 0) })?; + let sz = unsafe { keyctl_describe(self.id, ptr::null_mut(), 0) }; + check_call(sz)?; let mut buffer = Vec::with_capacity(sz as usize); - let actual_sz = check_call_ret(unsafe { + let actual_sz = unsafe { keyctl_describe( self.id, buffer.as_mut_ptr() as *mut libc::c_char, sz as usize, ) - })?; + }; + check_call(actual_sz)?; unsafe { buffer.set_len((actual_sz - 1) as usize) }; let str_slice = str::from_utf8(&buffer[..]).unwrap(); Ok(str_slice.to_owned()) @@ -474,24 +475,23 @@ impl Keyring { /// Any partial seconds are ignored. A timeout of 0 means "no expiration". Requires the /// `setattr` permission on the keyring. pub fn set_timeout(&mut self, timeout: Duration) -> Result<()> { - check_call( - unsafe { keyctl_set_timeout(self.id, timeout.as_secs() as u32) }, - (), - ) + check_call(unsafe { keyctl_set_timeout(self.id, timeout.as_secs() as TimeoutSeconds) }) } /// The security context of the keyring. Depends on the security manager loaded into the kernel /// (e.g., SELinux or AppArmor). pub fn security(&self) -> Result { - let sz = check_call_ret(unsafe { keyctl_get_security(self.id, ptr::null_mut(), 0) })?; + let sz = unsafe { keyctl_get_security(self.id, ptr::null_mut(), 0) }; + check_call(sz)?; let mut buffer = Vec::with_capacity(sz as usize); - let actual_sz = check_call_ret(unsafe { + let actual_sz = unsafe { keyctl_get_security( self.id, buffer.as_mut_ptr() as *mut libc::c_char, sz as usize, ) - })?; + }; + check_call(actual_sz)?; unsafe { buffer.set_len(actual_sz as usize) }; let str_slice = str::from_utf8(&buffer[..]).unwrap(); Ok(str_slice.to_owned()) @@ -500,7 +500,7 @@ impl Keyring { /// Invalidates the keyring and schedules it for removal. Requires the `search` permission on /// the keyring. pub fn invalidate(self) -> Result<()> { - check_call(unsafe { keyctl_invalidate(self.id) }, ()) + check_call(unsafe { keyctl_invalidate(self.id) }) } } @@ -531,7 +531,11 @@ impl Key { K: KeyType, D: Borrow, { - Keyring::new_impl(0).request_key::(description) + check_call_key(request_impl::( + &description.borrow().description(), + None, + None, + )) } /// Requests a key with the given description by searching the thread, process, and session @@ -545,7 +549,11 @@ impl Key { D: Borrow, I: AsRef, { - Keyring::new_impl(0).request_key_with_fallback::(description, info) + check_call_key(request_impl::( + &description.borrow().description(), + Some(info.as_ref()), + None, + )) } /// Update the payload in the key. @@ -554,10 +562,9 @@ impl Key { D: AsRef<[u8]>, { let data = data.as_ref(); - check_call( - unsafe { keyctl_update(self.id, data.as_ptr() as *const libc::c_void, data.len()) }, - (), - ) + check_call(unsafe { + keyctl_update(self.id, data.as_ptr() as *const libc::c_void, data.len()) + }) } /// Revokes the key. Requires `write` permission on the key. @@ -600,15 +607,17 @@ impl Key { /// Read the payload of the key. Requires `read` permissions on the key. pub fn read(&self) -> Result> { - let sz = check_call_ret(unsafe { keyctl_read(self.id, ptr::null_mut(), 0) })?; + let sz = unsafe { keyctl_read(self.id, ptr::null_mut(), 0) }; + check_call(sz)?; let mut buffer = Vec::with_capacity(sz as usize); - let actual_sz = check_call_ret(unsafe { + let actual_sz = unsafe { keyctl_read( self.id, buffer.as_mut_ptr() as *mut libc::c_char, sz as usize, ) - })?; + }; + check_call(actual_sz)?; unsafe { buffer.set_len(actual_sz as usize) }; Ok(buffer) } @@ -645,15 +654,13 @@ impl Key { /// /// See `KeyManager::request_key_auth_key`. pub fn manage(&mut self) -> Result { - check_call( - unsafe { keyctl_assume_authority(self.id) }, - KeyManager::new(Key::new_impl(self.id)), - ) + check_call(unsafe { keyctl_assume_authority(Some(self.id)) })?; + Ok(KeyManager::new(Key::new_impl(self.id))) } /// Compute a Diffie-Hellman prime for use as a shared secret or public key. pub fn compute_dh(private: &Key, prime: &Key, base: &Key) -> Result> { - let sz = check_call_ret(unsafe { + let sz = unsafe { keyctl_dh_compute( private.id, prime.id, @@ -661,9 +668,10 @@ impl Key { ptr::null_mut() as *mut libc::c_char, 0, ) - })?; + }; + check_call(sz)?; let mut buffer = Vec::with_capacity(sz as usize); - let actual_sz = check_call_ret(unsafe { + let actual_sz = unsafe { keyctl_dh_compute( private.id, prime.id, @@ -671,7 +679,8 @@ impl Key { buffer.as_mut_ptr() as *mut libc::c_char, sz as usize, ) - })?; + }; + check_call(actual_sz)?; unsafe { buffer.set_len(actual_sz as usize) }; Ok(buffer) } @@ -746,15 +755,14 @@ impl KeyManager { /// /// This key must be present in an available keyring before `Key::manage` may be called. pub fn request_key_auth_key(create: bool) -> Result { - let res = unsafe { keyctl_get_keyring_ID(KEY_SPEC_REQKEY_AUTH_KEY, create as libc::c_int) }; - check_call(i64::from(res), Key::new_impl(res)) + check_call_key(unsafe { keyctl_get_keyring_ID(KEY_SPEC_REQKEY_AUTH_KEY, create.into()) }) } /// Drop authority for the current thread. /// /// This invalidates pub fn drop_authority() -> Result<()> { - check_call(unsafe { keyctl_assume_authority(0) }, ()) + check_call(unsafe { keyctl_assume_authority(None) }) } /// Instantiate the key with the given payload. @@ -763,17 +771,14 @@ impl KeyManager { P: AsRef<[u8]>, { let payload = payload.as_ref(); - check_call( - unsafe { - keyctl_instantiate( - self.key.id, - payload.as_ptr() as *const libc::c_void, - payload.len(), - keyring.id, - ) - }, - (), - ) + check_call(unsafe { + keyctl_instantiate( + self.key.id, + payload.as_ptr() as *const libc::c_void, + payload.len(), + keyring.id, + ) + }) } /// Reject the key with the given `error`. @@ -784,17 +789,14 @@ impl KeyManager { /// `write` permission on the keyring. pub fn reject(self, keyring: &Keyring, timeout: Duration, error: errno::Errno) -> Result<()> { let errno::Errno(errval) = error; - check_call( - unsafe { - keyctl_reject( - self.key.id, - timeout.as_secs() as u32, - errval as u32, - keyring.id, - ) - }, - (), - ) + check_call(unsafe { + keyctl_reject( + self.key.id, + timeout.as_secs() as TimeoutSeconds, + errval as u32, + keyring.id, + ) + }) } /// Reject the key with `ENOKEY`. @@ -804,10 +806,9 @@ impl KeyManager { /// requesting a non-existant key repeatedly. The requester must have /// `write` permission on the keyring. pub fn negate(self, keyring: &Keyring, timeout: Duration) -> Result<()> { - check_call( - unsafe { keyctl_negate(self.key.id, timeout.as_secs() as u32, keyring.id) }, - (), - ) + check_call(unsafe { + keyctl_negate(self.key.id, timeout.as_secs() as TimeoutSeconds, keyring.id) + }) } } diff --git a/src/constants.rs b/src/constants.rs index 0d3223f..6b43190 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -25,7 +25,7 @@ // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. use bitflags::bitflags; -use libkeyutils_sys::*; +use keyutils_raw::*; /// Special keyrings predefined for a process. pub enum SpecialKeyring { @@ -43,9 +43,6 @@ pub enum SpecialKeyring { Group, } -/// The kernel type for representing a keyring (or key). -pub type KeyringSerial = i32; - impl SpecialKeyring { /// Retrieve the serial number for the special keyring. pub fn serial(self) -> KeyringSerial { @@ -60,78 +57,6 @@ impl SpecialKeyring { } } -/// An enumeration for the keyrings which may be set as the default. -/// -/// Keys which are implicitly required via syscalls and other operations are placed in the -/// default keyring. -pub enum DefaultKeyring { - /// Do not change the default keyring. - /// - /// This may be used to get the current default keyring. - NoChange, - /// Set the thread-specific keyring as the default. - ThreadKeyring, - /// Set the process-specific keyring as the default. - ProcessKeyring, - /// Set the session-specific keyring as the default. - SessionKeyring, - /// Set the user-specific keyring as the default. - UserKeyring, - /// Set the user session-specific keyring as the default. - UserSessionKeyring, - /// Set the user session-specific keyring as the default. - GroupKeyring, - /// Set the default keyring to the default logic. - /// - /// Keys will be placed in the first available keyring of: - /// - /// - thread-specific - /// - process-specific - /// - session-specific - /// - user-specific - DefaultKeyring, -} - -/// The kernel type for representing a default keyring. -pub type KeyringDefaultSerial = i32; - -impl DefaultKeyring { - /// Retrieve the serial number for the default keyring. - pub fn serial(self) -> KeyringDefaultSerial { - match self { - DefaultKeyring::NoChange => KEY_REQKEY_DEFL_NO_CHANGE, - DefaultKeyring::ThreadKeyring => KEY_REQKEY_DEFL_THREAD_KEYRING, - DefaultKeyring::ProcessKeyring => KEY_REQKEY_DEFL_PROCESS_KEYRING, - DefaultKeyring::SessionKeyring => KEY_REQKEY_DEFL_SESSION_KEYRING, - DefaultKeyring::UserKeyring => KEY_REQKEY_DEFL_USER_KEYRING, - DefaultKeyring::UserSessionKeyring => KEY_REQKEY_DEFL_USER_SESSION_KEYRING, - DefaultKeyring::GroupKeyring => KEY_REQKEY_DEFL_GROUP_KEYRING, - DefaultKeyring::DefaultKeyring => KEY_REQKEY_DEFL_DEFAULT, - } - } -} - -impl From for DefaultKeyring { - fn from(id: i32) -> DefaultKeyring { - match id { - KEY_REQKEY_DEFL_NO_CHANGE => DefaultKeyring::NoChange, - KEY_REQKEY_DEFL_THREAD_KEYRING => DefaultKeyring::ThreadKeyring, - KEY_REQKEY_DEFL_PROCESS_KEYRING => DefaultKeyring::ProcessKeyring, - KEY_REQKEY_DEFL_SESSION_KEYRING => DefaultKeyring::SessionKeyring, - KEY_REQKEY_DEFL_USER_KEYRING => DefaultKeyring::UserKeyring, - KEY_REQKEY_DEFL_USER_SESSION_KEYRING => DefaultKeyring::UserSessionKeyring, - KEY_REQKEY_DEFL_GROUP_KEYRING => DefaultKeyring::GroupKeyring, - KEY_REQKEY_DEFL_DEFAULT => DefaultKeyring::DefaultKeyring, - _ => panic!("Invalid value for a default keyring: {}", id), - } - } -} - -/// The kernel type for representing a keyring's or key's permission. -/// -/// See `Permission`. -pub type KeyPermissions = u32; - bitflags! { /// Permission bits for keyring objects. /// @@ -232,39 +157,6 @@ fn test_keyring_ids() { assert_eq!(SpecialKeyring::Group.serial(), KEY_SPEC_GROUP_KEYRING); } -#[test] -fn test_default_keyring_ids() { - assert_eq!(DefaultKeyring::NoChange.serial(), KEY_REQKEY_DEFL_NO_CHANGE); - assert_eq!( - DefaultKeyring::ThreadKeyring.serial(), - KEY_REQKEY_DEFL_THREAD_KEYRING - ); - assert_eq!( - DefaultKeyring::ProcessKeyring.serial(), - KEY_REQKEY_DEFL_PROCESS_KEYRING - ); - assert_eq!( - DefaultKeyring::SessionKeyring.serial(), - KEY_REQKEY_DEFL_SESSION_KEYRING - ); - assert_eq!( - DefaultKeyring::UserKeyring.serial(), - KEY_REQKEY_DEFL_USER_KEYRING - ); - assert_eq!( - DefaultKeyring::UserSessionKeyring.serial(), - KEY_REQKEY_DEFL_USER_SESSION_KEYRING - ); - assert_eq!( - DefaultKeyring::GroupKeyring.serial(), - KEY_REQKEY_DEFL_GROUP_KEYRING - ); - assert_eq!( - DefaultKeyring::DefaultKeyring.serial(), - KEY_REQKEY_DEFL_DEFAULT - ); -} - #[test] fn test_permission_bits() { assert_eq!(Permission::POSSESSOR_VIEW.bits, KEY_POS_VIEW); diff --git a/src/keytypes/big_key.rs b/src/keytypes/big_key.rs index 6b9e6ba..86ca638 100644 --- a/src/keytypes/big_key.rs +++ b/src/keytypes/big_key.rs @@ -27,6 +27,7 @@ //! Big keys use crate::keytype::*; +use keyutils_raw::KEY_TYPE_BIG_KEY; /// Big keys. /// @@ -42,6 +43,6 @@ impl KeyType for BigKey { type Payload = [u8]; fn name() -> &'static str { - "big_key" + KEY_TYPE_BIG_KEY } } diff --git a/src/keytypes/keyring.rs b/src/keytypes/keyring.rs index 77f8b58..2c767e2 100644 --- a/src/keytypes/keyring.rs +++ b/src/keytypes/keyring.rs @@ -27,6 +27,7 @@ //! Keyrings use crate::keytype::*; +use keyutils_raw::KEY_TYPE_KEYRING; /// Keyrings contain other keys. #[derive(Debug, Default, Clone, Copy, PartialEq, Eq)] @@ -39,6 +40,6 @@ impl KeyType for Keyring { type Payload = (); fn name() -> &'static str { - "keyring" + KEY_TYPE_KEYRING } } diff --git a/src/keytypes/logon.rs b/src/keytypes/logon.rs index 7605b82..abd488a 100644 --- a/src/keytypes/logon.rs +++ b/src/keytypes/logon.rs @@ -30,7 +30,7 @@ use std::borrow::Cow; -use libkeyutils_sys::KEY_TYPE_LOGON; +use keyutils_raw::KEY_TYPE_LOGON; use crate::keytype::*; diff --git a/src/keytypes/user.rs b/src/keytypes/user.rs index 816e41a..ade4c0c 100644 --- a/src/keytypes/user.rs +++ b/src/keytypes/user.rs @@ -26,7 +26,7 @@ //! User keys -use libkeyutils_sys::KEY_TYPE_USER; +use keyutils_raw::KEY_TYPE_USER; use crate::keytype::*; diff --git a/src/lib.rs b/src/lib.rs index 3134712..1b90988 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -39,3 +39,5 @@ pub mod keytypes; pub use self::api::*; pub use self::constants::*; pub use self::keytype::*; + +pub use keyutils_raw::{DefaultKeyring, KeyPermissions, KeyringSerial, TimeoutSeconds};