keyctl_instantiate man page on YellowDog

Man page or keyword search:  
man Server   18644 pages
apropos Keyword Search (all sections)
Output format
YellowDog logo
[printable version]

KEYCTL_INSTANTIATE(3)	  Linux Key Management Calls	 KEYCTL_INSTANTIATE(3)

NAME
       keyctl_assume_authority	-  Assume  the	authority to instantiate a key
       keyctl_instantiate -  Instantiate  a  key  keyctl_negate	 -  Negatively
       instantiate a key

SYNOPSIS
       #include <keyutils.h>

       long keyctl_assume_authority(key_serial_t key);

       long keyctl_instantiate(key_serial_t key, const char *payload,
       size_t plen, key_serial_t keyring);

       long keyctl_negate(key_serial_t key, unsigned timeout,
       key_serial_t keyring);

DESCRIPTION
       keyctl_assume_authority()  assumes the authority for the calling thread
       to deal with and instantiate the specified uninstantiated key.

       The calling thread must have the appopriate authorisation key  resident
       in one of its keyrings for this to succeed, and that authority must not
       have been revoked.

       The authorising key is allocated by  request_key()  when	 it  needs  to
       invoke userspace to generate a key for the requesting process.  This is
       then attached to one of the keyrings of the userspace process to	 which
       the task of instantiating the key is given:

	      requester -> request_key() -> instantiator

       Calling	this function modifies the way request_key() works when called
       thereafter by the calling (instantiator) thread; once the authority  is
       assumed,	 the  keyrings	of the initial process are added to the search
       path, using the initial process's UID, GID, groups  and	security  con‐
       text.

       If  a thread has multiple instantiations to deal with, it may call this
       function to change the authorisation key currently in effect.   Supply‐
       ing a zero key de-assumes the currently assumed authority.

       NOTE!   This  is	 a per-thread setting and not a per-process setting so
       that a multithreaded process can be used to instantiate several keys at
       once.

       keyctl_instantiate()  instantiates the payload of an uninstantiated key
       from the data specified.	 payload and plen specify the data for the new
       payload.	 payload may be NULL and plen may be zero if the key type per‐
       mits that.  The key type may reject the data if it's in the wrong  for‐
       mat or in some other way invalid.

       keyctl_negate()	marks  a  key  as negatively instantiated and sets the
       expiration timer on it.	timeout specifies the lifetime of the  key  in
       seconds.

       Only  a key for which authority has been assumed may be instantiated or
       negatively instantiated, and once instantiated, the  authorisation  key
       will be revoked and the requesting process will be able to resume.

       The  destination keyring, if given, is assumed to belong to the initial
       requester, and not the instantiating process.  Therefore,  the  special
       keyring	IDs  refer to the requesting process's keyrings, not the call‐
       er's, and the requester's UID, etc. will be used to access them.

       The destination keyring can be zero if no extra link is desired.

       The requester, not the caller, must have write permission on the desti‐
       nation for a link to be made there.

RETURN VALUE
       On success keyctl_instantiate() returns 0.  On error, the value -1 will
       be returned and errno will have been set to an appropriate error.

ERRORS
       ENOKEY The key or keyring specified is invalid.

       EKEYEXPIRED
	      The keyring specified has expired.

       EKEYREVOKED
	      The key or keyring specified had been revoked, or the authorisa‐
	      tion has been revoked.

       EINVAL The payload data was invalid.

       ENOMEM Insufficient  memory  to	store the new payload or to expand the
	      destination keyring.

       EDQUOT The key quota for the key's user would be exceeded by increasing
	      the  size	 of  the key to accommodate the new payload or the key
	      quota for the keyring's user would be exceeded by expanding  the
	      destination keyring.

       EACCES The key exists, but is not writable by the requester.

LINKING
       This  is	 a  library  function  that can be found in libkeyutils.  When
       linking, -lkeyutils should be specified to the linker.

SEE ALSO
       keyctl(1),
       add_key(2),
       keyctl(2),
       request_key(2),
       keyctl_get_keyring_ID(3),
       keyctl_join_session_keyring(3),
       keyctl_update(3),
       keyctl_revoke(3),
       keyctl_chown(3),
       keyctl_setperm(3),
       keyctl_describe(3),
       keyctl_clear(3),
       keyctl_link(3),
       keyctl_unlink(3),
       keyctl_search(3),
       keyctl_read(3),
       keyctl_set_reqkey_keyring(3),
       keyctl_set_timeout(3),
       keyctl_describe_alloc(3),
       keyctl_read_alloc(3),
       request-key(8)

Linux				  4 May 2006		 KEYCTL_INSTANTIATE(3)
[top]

List of man pages available for YellowDog

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net