package keyctl
// KeyPerm is the in-kernel access-control mask of a key or keyring: a 32-bit
// value holding four permission sets, one per byte. From the most significant
// byte down, the sets are Process, User, Group and Other.
//
// NOTE(review): the byte this package names "Process" looks like the one the
// kernel key documentation calls the possessor set; confirm against keyctl(2).
//
// Each set uses the same six low bits, in ascending order: view, read, write,
// search, link, setattr. The top two bits of every byte are not defined here.
type KeyPerm uint32

// Other set (bits 0-7). These rights are not tied to the key's owner or
// group, so grant them only when the key is meant to be widely accessible.
const (
	PermOtherView    KeyPerm = 0x00000001
	PermOtherRead    KeyPerm = 0x00000002
	PermOtherWrite   KeyPerm = 0x00000004
	PermOtherSearch  KeyPerm = 0x00000008
	PermOtherLink    KeyPerm = 0x00000010
	PermOtherSetattr KeyPerm = 0x00000020
)

// Group set (bits 8-15).
const (
	PermGroupView    KeyPerm = 0x00000100
	PermGroupRead    KeyPerm = 0x00000200
	PermGroupWrite   KeyPerm = 0x00000400
	PermGroupSearch  KeyPerm = 0x00000800
	PermGroupLink    KeyPerm = 0x00001000
	PermGroupSetattr KeyPerm = 0x00002000
)

// User set (bits 16-23).
const (
	PermUserView    KeyPerm = 0x00010000
	PermUserRead    KeyPerm = 0x00020000
	PermUserWrite   KeyPerm = 0x00040000
	PermUserSearch  KeyPerm = 0x00080000
	PermUserLink    KeyPerm = 0x00100000
	PermUserSetattr KeyPerm = 0x00200000
)

// Process set (bits 24-31).
const (
	PermProcessView    KeyPerm = 0x01000000
	PermProcessRead    KeyPerm = 0x02000000
	PermProcessWrite   KeyPerm = 0x04000000
	PermProcessSearch  KeyPerm = 0x08000000
	PermProcessLink    KeyPerm = 0x10000000
	PermProcessSetattr KeyPerm = 0x20000000
)

// Convenience masks: all six rights of one set. Prefer OR-ing the individual
// rights a caller actually needs over handing out a whole set.
const (
	PermOtherAll   KeyPerm = 0x0000003f
	PermGroupAll   KeyPerm = 0x00003f00
	PermUserAll    KeyPerm = 0x003f0000
	PermProcessAll KeyPerm = 0x3f000000
)
// permsChars holds the symbol printed for each bit of a permission byte, most
// significant bit first. The two leading '-' entries stand for the top two
// bits, which have no symbol of their own.
var permsChars = []byte("--alswrv")

// encodePerms renders one permission byte as a string of len(permsChars)
// characters. Position i shows permsChars[i] when the matching bit of p is
// set (bit 7 for position 0, down to bit 0 for the last position) and '-'
// when it is clear.
func encodePerms(p uint8) string {
	buf := make([]byte, len(permsChars))
	// Start at the bit that belongs to position 0 and walk down one bit per
	// output character.
	mask := uint8(1) << uint(len(permsChars)-1)
	for idx := range permsChars {
		buf[idx] = '-'
		if p&mask != 0 {
			buf[idx] = permsChars[idx]
		}
		mask >>= 1
	}
	return string(buf)
}
// Process returns the Process permission set (bits 24-31 of p) in the
// symbolic form produced by encodePerms.
func (p KeyPerm) Process() string {
	set := uint8(p >> 24)
	return encodePerms(set)
}
// Group returns the Group permission set (bits 8-15 of p) in the symbolic
// form produced by encodePerms.
func (p KeyPerm) Group() string {
	set := uint8(p >> 8) // conversion keeps only the low byte after the shift
	return encodePerms(set)
}
// User returns the User permission set (bits 16-23 of p) in the symbolic
// form produced by encodePerms.
func (p KeyPerm) User() string {
	set := uint8(p >> 16) // conversion keeps only the low byte after the shift
	return encodePerms(set)
}
// Other returns the Other (default) permission set, the lowest byte of p, in
// the symbolic form produced by encodePerms.
func (p KeyPerm) Other() string {
	set := uint8(p & 0xff)
	return encodePerms(set)
}
// String returns the whole mask in symbolic form: the Process, User, Group
// and Other sets in that order, each with its first two characters dropped
// and the results concatenated.
func (p KeyPerm) String() string {
	var out string
	for _, set := range [...]string{p.Process(), p.User(), p.Group(), p.Other()} {
		// Skip the two leading placeholder characters of every set.
		out += set[2:]
	}
	return out
}
// Chown changes the user ownership of a key or keyring. The group argument
// of the underlying keyctlChown call is -1, which keyctl(2) documents as
// "leave unchanged".
//
// NOTE(review): user is converted to uintptr without a range check, so a
// negative value (including -1, i.e. no change) is passed through as is;
// callers that take the uid from outside should validate it first.
func Chown(k Id, user int) error {
	// Held in a variable because the constant conversion uintptr(-1) does
	// not compile.
	keepGroup := -1
	id := uintptr(k.Id())
	_, _, err := keyctl(keyctlChown, id, uintptr(user), uintptr(keepGroup))
	return err
}
// Chgrp changes the group ownership of a key or keyring. The user argument
// of the underlying keyctlChown call is -1, which keyctl(2) documents as
// "leave unchanged".
//
// NOTE(review): group is converted to uintptr without a range check, so a
// negative value (including -1, i.e. no change) is passed through as is;
// callers that take the gid from outside should validate it first.
func Chgrp(k Id, group int) error {
	// Held in a variable because the constant conversion uintptr(-1) does
	// not compile.
	keepUser := -1
	id := uintptr(k.Id())
	_, _, err := keyctl(keyctlChown, id, uintptr(keepUser), uintptr(group))
	return err
}
// SetPerm sets the permission mask of a key or keyring to p. The value is
// handed to the keyctlSetPerm call as given: nothing here merges it with the
// key's current mask or checks which bits are set, so build p from exactly
// the rights each set should hold and check what it grants through the
// Other set before calling.
func SetPerm(k Id, p KeyPerm) error {
	id, mask := uintptr(k.Id()), uintptr(p)
	_, _, err := keyctl(keyctlSetPerm, id, mask)
	return err
}