Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/kernel_keyring.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/ipapython/kernel_keyring.py b/ipapython/kernel_keyring.py index 651fd7086..5b64dd660 100644 --- a/ipapython/kernel_keyring.py +++ b/ipapython/kernel_keyring.py @@ -21,6 +21,7 @@ import os import six from ipapython.ipautil import run +from ipaplatform.paths import paths # NOTE: Absolute path not required for keyctl since we reset the environment # in ipautil.run. @@ -33,34 +34,38 @@ from ipapython.ipautil import run KEYRING = '@s' KEYTYPE = 'user' + def dump_keys(): """ Dump all keys """ - result = run(['keyctl', 'list', KEYRING], raiseonerr=False, + result = run([paths.KEYCTL, 'list', KEYRING], raiseonerr=False, capture_output=True) return result.output + def get_real_key(key): """ One cannot request a key based on the description it was created with so find the one we're looking for. """ assert isinstance(key, six.string_types) - result = run(['keyctl', 'search', KEYRING, KEYTYPE, key], + result = run([paths.KEYCTL, 'search', KEYRING, KEYTYPE, key], raiseonerr=False, capture_output=True) if result.returncode: raise ValueError('key %s not found' % key) return result.raw_output.rstrip() + def get_persistent_key(key): assert isinstance(key, six.string_types) - result = run(['keyctl', 'get_persistent', KEYRING, key], + result = run([paths.KEYCTL, 'get_persistent', KEYRING, key], raiseonerr=False, capture_output=True) if result.returncode: raise ValueError('persistent key %s not found' % key) return result.raw_output.rstrip() + def is_persistent_keyring_supported(): uid = os.geteuid() try: @@ -70,6 +75,7 @@ def is_persistent_keyring_supported(): return True + def has_key(key): """ Returns True/False whether the key exists in the keyring. @@ -81,6 +87,7 @@ def has_key(key): except ValueError: return False + def read_key(key): """ Read the keyring and return the value for key. 
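Review bot: The `# NOTE: Absolute path not required for keyctl since we reset the environment # in ipautil.run.` comment, kept as context right below the new `from ipaplatform.paths import paths` import, no longer matches the code, because every `run()` call in this file now passes `paths.KEYCTL` instead of the bare name. Left as is, it invites a later cleanup back to a PATH-resolved `keyctl`. I would reword it along the lines of `# NOTE: keyctl is invoked through paths.KEYCTL rather than by bare name, so it does not rely on PATH lookup.` That wording assumes `paths.KEYCTL` is an absolute path, which this diff does not show.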
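Review bot: In `get_real_key` and `get_persistent_key`, any non-zero exit from `run([paths.KEYCTL, ...], raiseonerr=False, ...)` is reported as `'key %s not found'`, so a keyctl failure for another reason (permission problem, unreachable keyring) is indistinguishable from an absent key. `has_key` appears to rely on that `ValueError`, though its body is only partly visible here; if so, it would answer False and `update_key` would fall through to `add_key`. `read_key`, `update_key` and `del_key` already include `result.error_log` in their messages, and doing the same here, e.g. `raise ValueError('key %s not found: %s' % (key, result.error_log))`, keeps the exception type while making the cause visible. `dump_keys` in the same hunk returns `result.output` without looking at `result.returncode` at all, which deserves at least a docstring sentence.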
@@ -89,13 +96,14 @@ def read_key(key): """ assert isinstance(key, six.string_types) real_key = get_real_key(key) - result = run(['keyctl', 'pipe', real_key], raiseonerr=False, + result = run([paths.KEYCTL, 'pipe', real_key], raiseonerr=False, capture_output=True) if result.returncode: raise ValueError('keyctl pipe failed: %s' % result.error_log) return result.raw_output + def update_key(key, value): """ Update the keyring data. If they key doesn't exist it is created. @@ -104,13 +112,14 @@ def update_key(key, value): assert isinstance(value, bytes) if has_key(key): real_key = get_real_key(key) - result = run(['keyctl', 'pupdate', real_key], stdin=value, + result = run([paths.KEYCTL, 'pupdate', real_key], stdin=value, raiseonerr=False) if result.returncode: raise ValueError('keyctl pupdate failed: %s' % result.error_log) else: add_key(key, value) + def add_key(key, value): """ Add a key to the kernel keyring. @@ -119,18 +128,19 @@ def add_key(key, value): assert isinstance(value, bytes) if has_key(key): raise ValueError('key %s already exists' % key) - result = run(['keyctl', 'padd', KEYTYPE, key, KEYRING], + result = run([paths.KEYCTL, 'padd', KEYTYPE, key, KEYRING], stdin=value, raiseonerr=False) if result.returncode: raise ValueError('keyctl padd failed: %s' % result.error_log) + def del_key(key): """ Remove a key from the keyring """ assert isinstance(key, six.string_types) real_key = get_real_key(key) - result = run(['keyctl', 'unlink', real_key, KEYRING], + result = run([paths.KEYCTL, 'unlink', real_key, KEYRING], raiseonerr=False) if result.returncode: raise ValueError('keyctl unlink failed: %s' % result.error_log) |
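Review bot: The `pupdate` call in `update_key` and the `padd` call in `add_key` (next hunk) hand the key payload over as `stdin=value`, and nothing in the code says this is deliberate. Feeding the payload on stdin keeps it out of the command line, where it could show up in process listings or any logging of the argument list. A short comment above each call would protect that choice, for example `# padd/pupdate read the payload from stdin so it never appears in argv`. `update_key` begins above this hunk, so its docstring and first assert are not part of what is reviewed here.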