blob: d436bf2195f80b9ba4e7537d89b23b2be73e0950 [file] [log] [blame]
.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
.\" Written by David Howells (
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version
.\" 2 of the License, or (at your option) any later version.
.TH KEYCTL_INSTANTIATE 3 "4 May 2006" Linux "Linux Key Management Calls"
keyctl_assume_authority, keyctl_instantiate, keyctl_instantiate_iov, keyctl_reject, keyctl_negate \- key instantiation functions
.B #include <keyutils.h>
.BI "long keyctl_assume_authority(key_serial_t " key ");"
.BI "long keyctl_instantiate(key_serial_t " key ", const void *" payload ,
.BI "size_t " plen ", key_serial_t " keyring ");"
.BI "long keyctl_instantiate_iov(key_serial_t " key ,
.BI "const struct iovec *" payload_iov ", unsigned " ioc ,
.BI "key_serial_t " keyring ");"
.BI "long keyctl_negate(key_serial_t " key ", unsigned " timeout ,
.BI "key_serial_t " keyring ");"
.BI "long keyctl_reject(key_serial_t " key ", unsigned " timeout ,
.BI "unsigned " error ", key_serial_t " keyring ");"
.BR keyctl_assume_authority ()
assumes the authority for the calling thread to deal with and instantiate the
specified uninstantiated
.IR key .
The calling thread must have the appropriate authorisation key resident in one
of its keyrings for this to succeed, and that authority must not have been
The authorising key is allocated by
.BR request_key()
when it needs to invoke
userspace to generate a key for the requesting process. This is then attached
to one of the keyrings of the userspace process to which the task of
instantiating the key is given:
requester -> request_key() -> instantiator
Calling this function modifies the way
.BR request_key ()
works when called thereafter by the calling (instantiator) thread; once the
authority is assumed, the keyrings of the initial process are added to the
search path, using the initial process's UID, GID, groups and security
If a thread has multiple instantiations to deal with, it may call this
function to change the authorisation key currently in effect. Supplying a
.B zero
.I key
de-assumes the currently assumed authority.
This is a per-thread setting and not a per-process setting so that a
multithreaded process can be used to instantiate several keys at once.
.BR keyctl_instantiate ()
instantiates the payload of an uninstantiated key from the data specified.
.I payload
.I plen
specify the data for the new payload.
.I payload
may be NULL and
.I plen
may be zero if the key type permits that. The key type may reject the data if
it's in the wrong format or in some other way invalid.
.BR keyctl_instantiate_iov ()
is similar, but the data is passed in an array of iovec structs instead of in
a flat buffer.
.I payload_iov
points to the base of the array and
.I ioc
indicates how many elements there are.
.I payload_iov
may be NULL or
.I ioc
may be zero to indicate that no data is being supplied.
.BR keyctl_reject ()
marks a key as negatively instantiated and sets the expiration timer on it.
.I timeout
specifies the lifetime of the key in seconds.
.I error
specifies the error to be returned when a search hits the key (this is
Note that
.BR keyctl_reject ()
falls back to
.BR keyctl_negate ()
if the kernel does not
support it.
.BR keyctl_negate ()
.BR keyctl_reject ()
with an error code of
Only a key for which authority has been assumed may be instantiated or
negatively instantiated, and once instantiated, the authorisation key will be
revoked and the requesting process will be able to resume.
The destination
.IR keyring ,
if given, is assumed to belong to the initial requester, and not the
instantiating process. Therefore, the special keyring IDs refer to the
requesting process's keyrings, not the caller's, and the requester's UID,
etc. will be used to access them.
The destination keyring can be
.B zero
if no extra link is desired.
The requester, not the caller, must have
.B write
permission on the destination for a link to be made there.
On success
.BR keyctl_instantiate ()
.BR 0 .
On error, the value
.B -1
will be returned and
.I errno
will have been set to an appropriate error.
The key or keyring specified is invalid.
The keyring specified has expired.
The key or keyring specified had been revoked, or the authorisation has been
The payload data was invalid.
Insufficient memory to store the new payload or to expand the destination
The key quota for the key's user would be exceeded by increasing the size of
the key to accommodate the new payload or the key quota for the keyring's user
would be exceeded by expanding the destination keyring.
The key exists, but is not
.B writable
by the requester.
This is a library function that can be found in
.IR libkeyutils .
When linking,
.B \-lkeyutils
should be specified to the linker.
.ad l
.BR keyctl (1),
.BR add_key (2),
.BR keyctl (2),
.BR request_key (2),
.BR keyctl (3),
.BR keyrings (7),
.BR keyutils (7),
.BR request\-key (8)