ekeyd 1.1.5-6.1 / usr / sbin / ekey-rekey

This file is indexed.

/usr/sbin/ekey-rekey is in ekeyd 1.1.5-6.1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#!/bin/sh

if test "x$KEYRING" = "x"; then
    KEYRING=/etc/entropykey/keyring
fi

usage() {
    cat <<EOF >&2
ekey-rekey: Utility to re-key an Entropy Key's Long-term-key
Usage:
    ekey-rekey [-d|--device DEVICENODE] [SERIAL [MASTERKEY]]
EOF
}

# settings
DEVDIR=/sys/bus/usb/devices;

# find an ekey by searching sysfs
sysfs_find_ekey () {

    for USBDEV in $(ls ${DEVDIR});do 
	USBDEVDIR=${DEVDIR}/${USBDEV}; 
	if [ -f "${USBDEVDIR}/idVendor" -a -f "${USBDEVDIR}/idProduct" -a -f "${USBDEVDIR}/serial" ];then 
	    if [ "$(cat ${USBDEVDIR}/idVendor)" = "20df" -a "$(cat ${USBDEVDIR}/idProduct)" = "0001" ]; then
		# check the serial number either for not being specified or it matches given value
		if [ "x$1" = "x" -o "$(cat ${USBDEVDIR}/serial)" = "$1" ]; then
		    echo ${USBDEV} $(cat ${USBDEVDIR}/serial)
		    break;
		fi
	    fi 
	fi
    done
}

sysfs_find_ekey_dev () {
    SYSFS_DEV_MAJ_MIN_FILE=${DEVDIR}/${1}:1.0/tty/tty*/dev
    if [ -f ${SYSFS_DEV_MAJ_MIN_FILE} ]; then
	SYSFS_DEV_MAJ_MIN=$(cat ${SYSFS_DEV_MAJ_MIN_FILE})
	DEV_MAJ=$(echo ${SYSFS_DEV_MAJ_MIN} | cut -d : -f1)
	DEV_MIN=$(echo ${SYSFS_DEV_MAJ_MIN} | cut -d : -f2)

	find /dev -type c | xargs stat -c "%t:%T %n" | egrep "^$(printf "%x" ${DEV_MAJ}):$(printf "%x" ${DEV_MIN})" | cut -d ' ' -f2

    fi
}

if test $# -ge 1; then

optloop=1
while test ${optloop} = 1; do
    case x$1 in
    x-d|x--device)
	DEVICE=$2
	shift
	shift
	;;
    x--device=*)
	DEVICE=$(echo "x$1" | sed 's/^x--device=//')
	shift
	;;
    x-h|x-\?|x--help)
	usage
	exit 0
	;;
    x-V|x--version)
	echo "ekey-rekey version ""1.1.5"
	exit 0
	;;
    x--)
	shift
	break
	;;
    x|x-*)
	# empty or unknown -o or unknown --long-option
	usage
	exit 1
	;;
    *)
	# non-option argument
	optloop=0
	;;
    esac
done

fi

# first open parameter must be the serial number
SERIAL=$1

if [ "x${SERIAL}" = "x" ]; then
    # no serial found go looking for the user
    FOUND_EKEY=$(sysfs_find_ekey)

    if [ "x${FOUND_EKEY}" = "x" ];then
	echo >&2 "No Entropy Key could be found. Is it connected?"
	exit 2
    fi
    FOUND_EKEY_DEV=$(sysfs_find_ekey_dev ${FOUND_EKEY})

    SERIAL=$(echo ${FOUND_EKEY} | cut -d ' ' -f2)
    
    echo "Found Entropy Key Serial: ${SERIAL}"
else
    # user supplied serial number

    echo "Specified Entropy Key Serial: ${SERIAL}"

    #look for appropriate device node just in case
    FOUND_EKEY=$(sysfs_find_ekey ${SERIAL})
    if [ "x${FOUND_EKEY}" != "x" ];then
	FOUND_EKEY_DEV=$(sysfs_find_ekey_dev ${FOUND_EKEY})
    fi

    shift
    MASTERKEY=$(echo $@ | tr -d ' ')
fi

# alter the serial number to ensure it contains no path separators
SERIALD="$(echo "${SERIAL}" | tr / .)"
SERIALU="$(echo "${SERIAL}" | tr / _)"

DEVPATHS=""

if test "x" != "x$DEVICE"; then
    DEVPATHS="$DEVICE "
fi

DEVPATHS="${DEVPATHS}/dev/entropykey/${SERIALD} /dev/entropykey/${SERIALU} /var/run/entropykeys/${SERIALD} /var/run/entropykeys/${SERIALU} ${FOUND_EKEY_DEV}"

for DEVPATH in ${DEVPATHS}; do
    if test -c "${DEVPATH}" -o -h "${DEVPATH}" -o -p "${DEVPATH}" -o -S "${DEVPATH}"; then
        test "x${NODETOUSE}" = "x" && NODETOUSE="${DEVPATH}"
    fi
done

if test "x" = "x$NODETOUSE"; then
    echo >&2 "Unable to find any device node or socket for $SERIAL"
    echo >&2 "Looked in: $DEVPATHS"
    exit 2
fi

ctl() {
    ekeydctl "$@" 2>/dev/null
}


# Try to ensure that any running daemon ignores the key
ctl remove "$SERIAL"
test $? = 4 && {
    echo >&2 "Warning: Could not detach key from daemon."
    echo >&2 "         If there is a problem setting the long-term key try"
    echo >&2 "         stopping the daemon before re-running the rekey tool."
}

# Generate the new key
if [ "x${MASTERKEY}" = "x" ];then
    ekey-setkey -s "$SERIAL" -f "$KEYRING" "$NODETOUSE"
else
    ekey-setkey -s "$SERIAL" -m "$MASTERKEY" -f "$KEYRING" "$NODETOUSE"
fi

if test $? -ne 0; then
    echo >&2 "Unable to generate new long-term key"
fi

# Re-add the new keyring
ctl keyring "$KEYRING"

# Add the new key and hope for the best
ctl add "$NODETOUSE"

APT Browse - Built by Thomas Orozco.