keyutils/
constants.rs

1// Copyright (c) 2018, Ben Boeckel
2// All rights reserved.
3//
4// Redistribution and use in source and binary forms, with or without modification,
5// are permitted provided that the following conditions are met:
6//
7//     * Redistributions of source code must retain the above copyright notice,
8//       this list of conditions and the following disclaimer.
9//     * Redistributions in binary form must reproduce the above copyright notice,
10//       this list of conditions and the following disclaimer in the documentation
11//       and/or other materials provided with the distribution.
12//     * Neither the name of this project nor the names of its contributors
13//       may be used to endorse or promote products derived from this software
14//       without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
17// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
20// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
23// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
27use bitflags::bitflags;
28use keyutils_raw::*;
29
30/// Special keyrings predefined for a process.
31#[derive(Debug, PartialEq, Eq, Clone, Copy)]
32// #[non_exhaustive]
33pub enum SpecialKeyring {
34    /// A thread-specific keyring.
35    Thread,
36    /// A process-specific keyring.
37    Process,
38    /// A session-specific keyring.
39    Session,
40    /// A user-specific keyring.
41    User,
42    /// A user session-specific keyring.
43    UserSession,
44    /// A group-specific keyring.
45    Group,
46}
47
48impl SpecialKeyring {
49    /// Retrieve the serial number for the special keyring.
50    pub fn serial(self) -> KeyringSerial {
51        match self {
52            SpecialKeyring::Thread => KEY_SPEC_THREAD_KEYRING,
53            SpecialKeyring::Process => KEY_SPEC_PROCESS_KEYRING,
54            SpecialKeyring::Session => KEY_SPEC_SESSION_KEYRING,
55            SpecialKeyring::User => KEY_SPEC_USER_KEYRING,
56            SpecialKeyring::UserSession => KEY_SPEC_USER_SESSION_KEYRING,
57            SpecialKeyring::Group => KEY_SPEC_GROUP_KEYRING,
58        }
59    }
60}
61
62bitflags! {
63    /// Permission bits for keyring objects.
64    ///
65    /// Keyrings and keys contain four sets of permissions. First, there are three permission sets
66    /// used is based on which of the owning user's ID, the group ID associated with the key or
67    /// keyring, and a third set which is used when neither of the other two match.
68    ///
69    /// The fourth set is combined with the permission set used above (priority to user, then
70    /// group, finally other) where either set granting a permission allows it. This set is,
71    /// however, only used if the caller is a "possessor" of they key or keyring. Generally,
72    /// "possession" requires the `search` permission, association from the calling thread
73    /// (the session, process, and thread keyrings), or is linked to from a possessed keyring. See
74    /// `keyrings(7)` for complete details.
75    pub struct Permission: KeyPermissions {
76        /// Possession allows viewing attributes about the key or keyring.
77        const POSSESSOR_VIEW            = KEY_POS_VIEW;
78        /// Possession allows reading a key's contents or a keyring's subkeys.
79        const POSSESSOR_READ            = KEY_POS_READ;
80        /// Possession allows writing a key's content, revoking a key, or adding and removing a
81        /// keyring's links.
82        const POSSESSOR_WRITE           = KEY_POS_WRITE;
83        /// Possession allows searching within a keyring and the key or keyring may be discovered
84        /// during a search.
85        const POSSESSOR_SEARCH          = KEY_POS_SEARCH;
86        /// Possession allows linking to the key from a keyring.
87        const POSSESSOR_LINK            = KEY_POS_LINK;
88        /// Possession allows changing ownership details, security labels, and the expiration
89        /// time of a key.
90        const POSSESSOR_SET_ATTRIBUTE   = KEY_POS_SETATTR;
91        /// Possession grants all permissions.
92        const POSSESSOR_ALL             = KEY_POS_ALL;
93
94        /// A user ID match allows viewing attributes about the key or keyring.
95        const USER_VIEW             = KEY_USR_VIEW;
96        /// A user ID match allows reading a key's contents or a keyring's subkeys.
97        const USER_READ             = KEY_USR_READ;
98        /// A user ID match allows writing a key's content, revoking a key, or adding and removing
99        /// a keyring's links.
100        const USER_WRITE            = KEY_USR_WRITE;
101        /// A user ID match allows searching within a keyring and the key or keyring may be
102        /// discovered during a search.
103        const USER_SEARCH           = KEY_USR_SEARCH;
104        /// A user ID match allows linking to the key from a keyring.
105        const USER_LINK             = KEY_USR_LINK;
106        /// A user ID match allows changing ownership details, security labels, and the expiration
107        /// time of a key.
108        const USER_SET_ATTRIBUTE    = KEY_USR_SETATTR;
109        /// The user is granted all permissions.
110        const USER_ALL              = KEY_USR_ALL;
111
112        /// A group ID match allows viewing attributes about the key or keyring.
113        const GROUP_VIEW            = KEY_GRP_VIEW;
114        /// A group ID match allows reading a key's contents or a keyring's subkeys.
115        const GROUP_READ            = KEY_GRP_READ;
116        /// A group ID match allows writing a key's content, revoking a key, or adding and removing
117        /// a keyring's links.
118        const GROUP_WRITE           = KEY_GRP_WRITE;
119        /// A group ID match allows searching within a keyring and the key or keyring may be
120        /// discovered during a search.
121        const GROUP_SEARCH          = KEY_GRP_SEARCH;
122        /// A group ID match allows linking to the key from a keyring.
123        const GROUP_LINK            = KEY_GRP_LINK;
124        /// A group ID match allows changing ownership details, security labels, and the expiration
125        /// time of a key.
126        const GROUP_SET_ATTRIBUTE   = KEY_GRP_SETATTR;
127        /// The group is granted all permissions.
128        const GROUP_ALL             = KEY_GRP_ALL;
129
130        /// Allows viewing attributes about the key or keyring.
131        const OTHER_VIEW            = KEY_OTH_VIEW;
132        /// Allows reading a key's contents or a keyring's subkeys.
133        const OTHER_READ            = KEY_OTH_READ;
134        /// Allows writing a key's content, revoking a key, or adding and removing a keyring's
135        /// links.
136        const OTHER_WRITE           = KEY_OTH_WRITE;
137        /// Allows searching within a keyring and the key or keyring may be discovered during a
138        /// search.
139        const OTHER_SEARCH          = KEY_OTH_SEARCH;
140        /// Allows linking to the key from a keyring.
141        const OTHER_LINK            = KEY_OTH_LINK;
142        /// Allows changing ownership details, security labels, and the expiration time of a key.
143        const OTHER_SET_ATTRIBUTE   = KEY_OTH_SETATTR;
144        /// All permissions.
145        const OTHER_ALL             = KEY_OTH_ALL;
146    }
147}
148
149/// They kernel type for representing support for optional features.
150///
151/// Asymmetric keys might only support a limited set of operations. These flags indicate which
152/// operations are available.
153pub type KeyctlSupportFlags = u32;
154
155bitflags! {
156    struct KeyctlSupportFlag: KeyctlSupportFlags {
157        const SUPPORTS_ENCRYPT  = 0x01;
158        const SUPPORTS_DECRYPT  = 0x02;
159        const SUPPORTS_SIGN     = 0x04;
160        const SUPPORTS_VERIFY   = 0x08;
161    }
162}
163
164#[test]
165fn test_keyring_ids() {
166    assert_eq!(SpecialKeyring::Thread.serial(), KEY_SPEC_THREAD_KEYRING);
167    assert_eq!(SpecialKeyring::Process.serial(), KEY_SPEC_PROCESS_KEYRING);
168    assert_eq!(SpecialKeyring::Session.serial(), KEY_SPEC_SESSION_KEYRING);
169    assert_eq!(SpecialKeyring::User.serial(), KEY_SPEC_USER_KEYRING);
170    assert_eq!(
171        SpecialKeyring::UserSession.serial(),
172        KEY_SPEC_USER_SESSION_KEYRING
173    );
174    assert_eq!(SpecialKeyring::Group.serial(), KEY_SPEC_GROUP_KEYRING);
175}
176
177#[test]
178fn test_possessor_permission_bits() {
179    assert_eq!(Permission::POSSESSOR_VIEW.bits, KEY_POS_VIEW);
180    assert_eq!(Permission::POSSESSOR_READ.bits, KEY_POS_READ);
181    assert_eq!(Permission::POSSESSOR_WRITE.bits, KEY_POS_WRITE);
182    assert_eq!(Permission::POSSESSOR_SEARCH.bits, KEY_POS_SEARCH);
183    assert_eq!(Permission::POSSESSOR_LINK.bits, KEY_POS_LINK);
184    assert_eq!(Permission::POSSESSOR_SET_ATTRIBUTE.bits, KEY_POS_SETATTR);
185    assert_eq!(Permission::POSSESSOR_ALL.bits, KEY_POS_ALL);
186}
187
188#[test]
189fn test_user_permission_bits() {
190    assert_eq!(Permission::USER_VIEW.bits, KEY_USR_VIEW);
191    assert_eq!(Permission::USER_READ.bits, KEY_USR_READ);
192    assert_eq!(Permission::USER_WRITE.bits, KEY_USR_WRITE);
193    assert_eq!(Permission::USER_SEARCH.bits, KEY_USR_SEARCH);
194    assert_eq!(Permission::USER_LINK.bits, KEY_USR_LINK);
195    assert_eq!(Permission::USER_SET_ATTRIBUTE.bits, KEY_USR_SETATTR);
196    assert_eq!(Permission::USER_ALL.bits, KEY_USR_ALL);
197}
198
199#[test]
200fn test_group_permission_bits() {
201    assert_eq!(Permission::GROUP_VIEW.bits, KEY_GRP_VIEW);
202    assert_eq!(Permission::GROUP_READ.bits, KEY_GRP_READ);
203    assert_eq!(Permission::GROUP_WRITE.bits, KEY_GRP_WRITE);
204    assert_eq!(Permission::GROUP_SEARCH.bits, KEY_GRP_SEARCH);
205    assert_eq!(Permission::GROUP_LINK.bits, KEY_GRP_LINK);
206    assert_eq!(Permission::GROUP_SET_ATTRIBUTE.bits, KEY_GRP_SETATTR);
207    assert_eq!(Permission::GROUP_ALL.bits, KEY_GRP_ALL);
208}
209
210#[test]
211fn test_other_permission_bits() {
212    assert_eq!(Permission::OTHER_VIEW.bits, KEY_OTH_VIEW);
213    assert_eq!(Permission::OTHER_READ.bits, KEY_OTH_READ);
214    assert_eq!(Permission::OTHER_WRITE.bits, KEY_OTH_WRITE);
215    assert_eq!(Permission::OTHER_SEARCH.bits, KEY_OTH_SEARCH);
216    assert_eq!(Permission::OTHER_LINK.bits, KEY_OTH_LINK);
217    assert_eq!(Permission::OTHER_SET_ATTRIBUTE.bits, KEY_OTH_SETATTR);
218    assert_eq!(Permission::OTHER_ALL.bits, KEY_OTH_ALL);
219}
220
221#[test]
222fn test_support_flags() {
223    assert_eq!(
224        KeyctlSupportFlag::SUPPORTS_ENCRYPT.bits,
225        KEYCTL_SUPPORTS_ENCRYPT,
226    );
227    assert_eq!(
228        KeyctlSupportFlag::SUPPORTS_DECRYPT.bits,
229        KEYCTL_SUPPORTS_DECRYPT,
230    );
231    assert_eq!(KeyctlSupportFlag::SUPPORTS_SIGN.bits, KEYCTL_SUPPORTS_SIGN);
232    assert_eq!(
233        KeyctlSupportFlag::SUPPORTS_VERIFY.bits,
234        KEYCTL_SUPPORTS_VERIFY,
235    );
236}
keyutils/constants.rs

keyutils/
constants.rs
