~mdw
/
distorted-keys
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
cryptop.public: Don't check an ACL.
[distorted-keys]
/
keyfunc.sh.in
diff --git
a/keyfunc.sh.in
b/keyfunc.sh.in
index
bfcb26b
..
f134198
100644
(file)
--- a/
keyfunc.sh.in
+++ b/
keyfunc.sh.in
@@
-28,13
+28,14
@@
quis=${0##*/}
###--------------------------------------------------------------------------
### Configuration variables.
###--------------------------------------------------------------------------
### Configuration variables.
+## Automatically configured pathnames.
PACKAGE="@PACKAGE@" VERSION="@VERSION@"
bindir="@bindir@"
PACKAGE="@PACKAGE@" VERSION="@VERSION@"
bindir="@bindir@"
-case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
-
+## Read user configuration.
if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
+## Maybe turn on debugging.
case "${KEYS_DEBUG+t}" in t) set -x ;; esac
###--------------------------------------------------------------------------
case "${KEYS_DEBUG+t}" in t) set -x ;; esac
###--------------------------------------------------------------------------
@@
-425,7
+426,8
@@
k_verify () { notsupp verify; }
prepare () {
key=$1 op=$2
## Prepare for a crypto operation OP, using the KEY. This validates the
prepare () {
key=$1 op=$2
## Prepare for a crypto operation OP, using the KEY. This validates the
- ## key label, reads the profile, and checks the access-control list.
+ ## key label, reads the profile, and checks the access-control list. If OP
+ ## is `-' then allow the operation unconditionally.
## Find the key properties.
parse_keylabel "$key"
## Find the key properties.
parse_keylabel "$key"
@@
-435,6
+437,7
@@
prepare () {
## Check whether we're allowed to do this thing. This is annoyingly
## fiddly.
## Check whether we're allowed to do this thing. This is annoyingly
## fiddly.
+ case $op in -) return ;; esac
eval acl=\${kprop_acl_$op-!owner}
verdict=forbid
while :; do
eval acl=\${kprop_acl_$op-!owner}
verdict=forbid
while :; do