~mdw
/
distorted-keys
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
keyfunc.sh.in (prepare): Indicate that an ACL check isn't necessary.
[distorted-keys]
/
keyfunc.sh.in
diff --git
a/keyfunc.sh.in
b/keyfunc.sh.in
index
bad5af1
..
f134198
100644
(file)
--- a/
keyfunc.sh.in
+++ b/
keyfunc.sh.in
@@
-426,7
+426,8
@@
k_verify () { notsupp verify; }
prepare () {
key=$1 op=$2
## Prepare for a crypto operation OP, using the KEY. This validates the
prepare () {
key=$1 op=$2
## Prepare for a crypto operation OP, using the KEY. This validates the
- ## key label, reads the profile, and checks the access-control list.
+ ## key label, reads the profile, and checks the access-control list. If OP
+ ## is `-' then allow the operation unconditionally.
## Find the key properties.
parse_keylabel "$key"
## Find the key properties.
parse_keylabel "$key"
@@
-436,6
+437,7
@@
prepare () {
## Check whether we're allowed to do this thing. This is annoyingly
## fiddly.
## Check whether we're allowed to do this thing. This is annoyingly
## fiddly.
+ case $op in -) return ;; esac
eval acl=\${kprop_acl_$op-!owner}
verdict=forbid
while :; do
eval acl=\${kprop_acl_$op-!owner}
verdict=forbid
while :; do