Programs invoke themselves via `userv' if necessary.

This will prevent the permissions in the key store being messed up.  To
this end:

  * Move `cryptop' to @bindir@ where we can expect users to find it, and
    move `keys' to @sbindir@ where only administrators are likely to
    look.

  * Add a new userv service for `keys', with some configuration files
    listing the permitted users.

diff --git a/Makefile.am b/Makefile.am
index 2898615..1d362c8 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -81,7 +81,7 @@ extract-profile: extract-profile.in Makefile
 ### Main driver program and commands.
 
 ## Main driver.
-bin_SCRIPTS            += keys
+sbin_SCRIPTS           += keys
 EXTRA_DIST             += keys.in
 CLEANFILES             += keys
 keys: keys.in Makefile
@@ -111,7 +111,7 @@ dist_pkglib_SCRIPTS += keys.stash
 ### Crypto operations.
 
 ## Main driver program.
-sbin_SCRIPTS           += cryptop
+bin_SCRIPTS            += cryptop
 EXTRA_DIST             += cryptop.in
 CLEANFILES             += cryptop
 cryptop: cryptop.in Makefile
@@ -170,4 +170,6 @@ EXTRA_DIST          += debian/rules debian/compat
 EXTRA_DIST             += debian/distorted-keys.install
 EXTRA_DIST             += debian/distorted-keys.postinst
 
+EXTRA_DIST             += debian/admin.users debian/admin.groups
+
 ###----- That's all, folks --------------------------------------------------

diff --git a/cryptop.in b/cryptop.in
index 7b38a0a..064b595 100755 (executable)
--- a/cryptop.in
+++ b/cryptop.in
@@ -34,6 +34,8 @@ export ETC KEYS KEYSLIB
 usage="usage: $quis COMMAND [ARGUMENTS ...]"
 prefix=cryptop
 
+runas @user@ cryptop "$@"
+
 ## Parse options.
 while getopts "hv" opt; do
   case "$opt" in

diff --git a/debian/admin.groups b/debian/admin.groups
new file mode 100644 (file)
index 0000000..0b25372
--- /dev/null
+++ b/debian/admin.groups
@@ -0,0 +1,3 @@
+### -*-conf-*-
+###
+### Groups with administrative privileges, one per line.

diff --git a/debian/admin.users b/debian/admin.users
new file mode 100644 (file)
index 0000000..a48d55d
--- /dev/null
+++ b/debian/admin.users
@@ -0,0 +1,5 @@
+### -*-conf-*-
+###
+### Users with administrative privileges, one per line.
+
+root

diff --git a/debian/distorted-keys.install b/debian/distorted-keys.install
index bd97052..83b30ea 100644 (file)
--- a/debian/distorted-keys.install
+++ b/debian/distorted-keys.install
@@ -1 +1,3 @@
 debian/build/userv/distorted-keys      /etc/userv/default.d
+debian/admin.users                     /etc/distorted-keys
+debian/admin.groups                    /etc/distorted-keys

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index b55bd99..6316816 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -129,6 +129,17 @@ parse_keylabel () {
   knub=$KEYS/nub/$kowner/$klabel
 }
 
+runas () {
+  user=$1 service=$2; shift 2
+  ## If the current (effective) user is not USER then reinvoke via `userv',
+  ## as the specified service, with the remaining arguments.
+
+  case $(id -un) in
+    "$user") ;;
+    *) exec userv "$user" "$service" "$@" ;;
+  esac
+}
+
 ###--------------------------------------------------------------------------
 ### Input validation functions.
 

diff --git a/keys.in b/keys.in
index 2676d56..5baa9f5 100755 (executable)
--- a/keys.in
+++ b/keys.in
@@ -34,6 +34,8 @@ export ETC KEYS KEYSLIB
 usage="usage: $quis COMMAND [ARGUMENTS ...]"
 prefix=keys
 
+runas @user@ keys "$@"
+
 ## Parse options.
 while getopts "hv" opt; do
   case "$opt" in

diff --git a/userv/distorted-keys.in b/userv/distorted-keys.in
index 2f618aa..07ecd4a 100644 (file)
--- a/userv/distorted-keys.in
+++ b/userv/distorted-keys.in
@@ -14,7 +14,24 @@ if ( glob service cryptop
        require-fd 1-2 write
        ignore-fd 3-
        no-set-environment
-       execute @sbindir@/cryptop
+       execute @bindir@/cryptop
+fi
+
+###--------------------------------------------------------------------------
+### Key administration operations.
+
+if ( glob service keys
+   & glob service-user @user@
+   & ( grep calling-user @pkgconfdir@/admin.users
+     | grep calling-group @pkgconfdir@/admin.groups
+     )
+   )
+       no-suppress-args
+       require-fd 0 read
+       require-fd 1-2 write
+       ignore-fd 3-
+       no-set-environment
+       execute @sbindir@/keys
 fi
 
 ###--------------------------------------------------------------------------