X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-keys/blobdiff_plain/b65e1f934c6951c5943634f38ae4098573b94b0f..2235222bb9739a1e6713b49290906c5b4cf08f04:/keyfunc.sh.in diff --git a/keyfunc.sh.in b/keyfunc.sh.in index aae5598..a618e66 100644 --- a/keyfunc.sh.in +++ b/keyfunc.sh.in @@ -28,15 +28,26 @@ quis=${0##*/} ###-------------------------------------------------------------------------- ### Configuration variables. +## Automatically configured pathnames. PACKAGE="@PACKAGE@" VERSION="@VERSION@" bindir="@bindir@" -case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac - +## Read user configuration. if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi +## Maybe turn on debugging. case "${KEYS_DEBUG+t}" in t) set -x ;; esac +## Fake up caller credentials if not called via userv. +case "${USERV_USER+t}" in + t) ;; + *) USERV_USER=${LOGNAME-${USER-$(id -un)}} USERV_UID=$(id -u) ;; +esac +case "${USERV_GROUP+t}" in + t) ;; + *) USERV_GROUP=$(id -Gn) USERV_GID=$(id -gn) ;; +esac + ###-------------------------------------------------------------------------- ### Cleanup handling. @@ -118,6 +129,17 @@ parse_keylabel () { knub=$KEYS/nub/$kowner/$klabel } +runas () { + user=$1 service=$2; shift 2 + ## If the current (effective) user is not USER then reinvoke via `userv', + ## as the specified service, with the remaining arguments. + + case $(id -un) in + "$user") ;; + *) exec userv "$user" "$service" "$@" ;; + esac +} + ###-------------------------------------------------------------------------- ### Input validation functions. @@ -133,7 +155,7 @@ check () { validp=t case "$thing" in *"$nl"*) validp=nil ;; - *) if ! expr >/dev/null "$thing" : "$ckpat\$"; then validp=nil; fi ;; + *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;; esac case $validp in nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;; @@ -142,10 +164,13 @@ check () { ## Regular expressions for validating input. R_IDENTCHARS="A-Za-z0-9_" -R_WORDCHARS="-$R_IDENTCHARS!%@+=" +R_GOODPUNCT="!%@+=" +R_WORDCHARS="-$R_IDENTCHARS$R_GOODPUNCT" R_IDENT="[$R_IDENTCHARS][$R_IDENTCHARS]*" R_WORD="[$R_WORDCHARS][$R_WORDCHARS]*" +R_ACLCHARS="][$R_IDENTCHARS$R_GOODPUNCT*?:.#" R_WORDSEQ="[$R_WORDCHARS[:space:]][$R_WORDCHARS[:space:]]*" +R_ACL="[$R_ACLCHARS[:space:]-][$R_ACLCHARS[:space:]-]*" R_NUMERIC='\(\([1-9][0-9]*\)\{0,1\}0\{0,1\}\)' R_LABEL="\($R_WORD\(/$R_WORD\)*\)" R_LINE=".*" @@ -227,9 +252,14 @@ defprops g_props </dev/null \ - if=/dev/${kprop_random-random} bs=1 count=${kprop_nubsz-512} | - openssl dgst -${kprop_nubhash-sha384} -binary | + if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} | + openssl dgst -${kprop_nub_hash-sha256} -binary | openssl base64 } nubid () { ## Compute a hash of the key nub in stdin, and write it to stdout in hex. - ## The property `nubidhash' is used. + ## The property `nubid_hash' is used. - { echo "distorted-keys nubid"; cat -; } | - openssl dgst -${kprop_nubidhash-sha256} + ## Stupid dance because the output incompatibly grew a filename, in order + ## to demonstrate the same idiocy as GNU mumblesum. + set _ $({ echo "distorted-keys nubid"; cat -; } | + openssl dgst -${kprop_nubid_hash-sha256}) + echo $2 } subst () { @@ -327,9 +361,10 @@ subst () { } read_profile () { - profile=$1 + owner=$1 profile=$2 ## Read property settings from a profile. The PROFILE name has the form - ## [USER:]LABEL. Properties are set using `setprops' with prefix `kprop_'. + ## [USER:]LABEL; USER defaults to OWNER. Properties are set using + ## `setprops' with prefix `kprop_'. reqtmp case "$profile" in @@ -337,7 +372,7 @@ read_profile () { label=${profile#:} uservp=nil ;; *) - user=$USERV_USER label=$profile uservp=t + user=$kowner label=$profile uservp=t ;; *:*) user=${profile%%:*} label=${profile#*:} uservp=t @@ -350,7 +385,7 @@ read_profile () { case $uservp in t) checkword "profile user" "$user" - userv "$user" cryptop-profile "$label" >$tmp/profile + userv "$user" cryptop-profile "$label" >$tmp/profile $tmp/profile @@ -424,16 +459,18 @@ k_verify () { notsupp verify; } prepare () { key=$1 op=$2 ## Prepare for a crypto operation OP, using the KEY. This validates the - ## key label, reads the profile, and checks the access-control list. + ## key label, reads the profile, and checks the access-control list. If OP + ## is `-' then allow the operation unconditionally. ## Find the key properties. parse_keylabel "$key" if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi readmeta $kdir - read_profile "$profile" + read_profile $kowner "$profile" ## Check whether we're allowed to do this thing. This is annoyingly ## fiddly. + case $op in -) return ;; esac eval acl=\${kprop_acl_$op-!owner} verdict=forbid while :; do @@ -474,7 +511,7 @@ prepare () { done case $verdict in - forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit ;; + forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit 1 ;; esac } @@ -520,6 +557,31 @@ c_sysverify () { c_sysop verify "$1" /dev/null; } ###-------------------------------------------------------------------------- ### Recovery operations. +sharethresh () { + pf=$1 + ## Return the sharing threshold from the parameter file PARAM. + + read param <"$pf" + case "$param" in + shamir-params:*) ;; + *) + echo >&2 "$quis: secret sharing parameter file damaged (wrong header)" + exit 1 + ;; + esac + t=";${param#*:}" + case "$t" in + *";t="*) ;; + *) + echo >&2 "$quis: secret sharing parameter file damaged (missing t)" + exit 1 + ;; + esac + t=${t#*;t=} + t=${t%%;*} + echo "$t" +} + stash () { recov=$1 label=$2 ## Stash a copy of stdin encrypted under the recovery key RECOV, with a