keyctl_assume_authority - Assume the authority to instantiate a key
keyctl_instantiate - Instantiate a key from flat data
keyctl_instantiate_iov - Instantiate a key from segmented data
keyctl_reject - Negatively instantiate a key specifying search error
keyctl_negate - Negatively instantiate a key
#include <keyutils.h>

long keyctl_assume_authority(key_serial_t key);

long keyctl_instantiate(key_serial_t key, const void *payload,
                        size_t plen, key_serial_t keyring);

long keyctl_instantiate_iov(key_serial_t key, const struct iovec *payload_iov,
                            unsigned ioc, key_serial_t keyring);

long keyctl_negate(key_serial_t key, unsigned timeout, key_serial_t keyring);

long keyctl_reject(key_serial_t key, unsigned timeout, unsigned error,
                   key_serial_t keyring);
keyctl_assume_authority() assumes the authority for the calling thread to deal with and instantiate the specified uninstantiated key.
The calling thread must have the appropriate authorisation key resident in one of its keyrings for this to succeed, and that authority must not have been revoked.
The authorising key is allocated by request_key() when it needs to invoke userspace to generate a key for the requesting process. This is then attached to one of the keyrings of the userspace process to which the task of instantiating the key is given:
requester -> request_key() -> instantiator
Calling this function modifies the way request_key() works when called thereafter by the calling (instantiator) thread; once the authority is assumed, the keyrings of the initial process are added to the search path, using the initial process’s UID, GID, groups and security context.
If a thread has multiple instantiations to deal with, it may call this function to change the authorisation key currently in effect. Supplying a zero key de-assumes the currently assumed authority.
NOTE! This is a per-thread setting and not a per-process setting so that a multithreaded process can be used to instantiate several keys at once.
keyctl_instantiate() instantiates the payload of an uninstantiated key from the data specified. payload and plen specify the data for the new payload. payload may be NULL and plen may be zero if the key type permits that. The key type may reject the data if it’s in the wrong format or in some other way invalid.
keyctl_instantiate_iov() is similar, but the data is passed in an array of iovec structs instead of in a flat buffer. payload_iov points to the base of the array and ioc indicates how many elements there are. payload_iov may be NULL or ioc may be zero to indicate that no data is being supplied.
keyctl_reject() marks a key as negatively instantiated and sets the expiration timer on it. timeout specifies the lifetime of the key in seconds. error specifies the error to be returned when a search hits the key (this is typically EKEYREJECTED, EKEYREVOKED or EKEYEXPIRED). Note that keyctl_reject() falls back to keyctl_negate() if the kernel does not support it.
keyctl_negate() behaves as keyctl_reject() with an error code of ENOKEY: searches that hit the negatively instantiated key fail with ENOKEY until the timeout expires.
Only a key for which authority has been assumed may be instantiated or negatively instantiated, and once instantiated, the authorisation key will be revoked and the requesting process will be able to resume.
The destination keyring, if given, is assumed to belong to the initial requester, and not the instantiating process. Therefore, the special keyring IDs refer to the requesting process’s keyrings, not the caller’s, and the requester’s UID, etc. will be used to access them.
The destination keyring can be zero if no extra link is desired.
The requester, not the caller, must have write permission on the destination for a link to be made there.
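The instantiator side of the flow described above, as an added example that is not part of libkeyutils or of this manual page. It calls the keyctl(2) system call directly (the same operations the library functions above wrap, so it builds without -lkeyutils) and implements the keyctl_reject() to keyctl_negate() fallback the library performs. The key id, the "v1:" payload header, the backend outcome and the rejection timeouts are constructed stand-ins, and the helper's command line is assumed: a real helper is started by /sbin/request-key with whatever arguments request-key.conf(5) specifies. KEY_SPEC_REQUESTOR_KEYRING comes from <linux/keyctl.h> and is resolved, like every keyring id passed here, against the requester rather than the caller.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/keyctl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <unistd.h>

typedef int key_serial_t;                  /* int32_t in <keyutils.h> */

/* Raw keyctl(2); the libkeyutils keyctl_*() functions are wrappers over it. */
static long kctl(int op, long a, long b, long c, long d)
{
    return syscall(SYS_keyctl, op, a, b, c, d);
}

/* keyctl_reject() with the library's fallback: a kernel without KEYCTL_REJECT
 * returns EOPNOTSUPP, so negate instead (searches then get ENOKEY). */
static long reject_or_negate(key_serial_t key, unsigned timeout,
                             unsigned error, key_serial_t keyring)
{
    long r = kctl(KEYCTL_REJECT, key, timeout, error, keyring);
    if (r == -1 && errno == EOPNOTSUPP)
        r = kctl(KEYCTL_NEGATE, key, timeout, keyring, 0);
    return r;
}

/* Result of the stand-in backend lookup that would yield the payload. */
enum outcome { OUT_OK, OUT_NOT_FOUND, OUT_DENIED };

/* Constructed policy: cache a miss briefly as ENOKEY so a retry can succeed,
 * but cache a denial longer as EKEYREJECTED to damp upcall storms. */
static unsigned rejection_for(enum outcome o, unsigned *timeout)
{
    switch (o) {
    case OUT_DENIED:    *timeout = 300; return EKEYREJECTED;
    case OUT_NOT_FOUND: *timeout = 30;  return ENOKEY;
    default:            *timeout = 0;   return 0;
    }
}

/* Header + body as iovecs for KEYCTL_INSTANTIATE_IOV; empty parts skipped. */
static unsigned payload_iov(struct iovec iov[2], const void *hdr, size_t hlen,
                            const void *body, size_t blen)
{
    unsigned n = 0;
    if (hlen) { iov[n].iov_base = (void *)hdr;  iov[n].iov_len = hlen; n++; }
    if (blen) { iov[n].iov_base = (void *)body; iov[n].iov_len = blen; n++; }
    return n;
}

/* Finish uninstantiated key `key` for the requester.  `keyring` is resolved
 * in the requester's context (KEY_SPEC_REQUESTOR_KEYRING is what it passed
 * to request_key(); 0 adds no extra link).  Returns 0 or -errno. */
static int finish_key(key_serial_t key, enum outcome o,
                      const struct iovec *iov, unsigned ioc,
                      key_serial_t keyring)
{
    int rc = 0;
    /* Needs the authorisation key request_key() linked into our keyrings:
     * ENOKEY = none was handed to us, EKEYREVOKED = already finished. */
    if (kctl(KEYCTL_ASSUME_AUTHORITY, key, 0, 0, 0) == -1)
        return -errno;
    if (o == OUT_OK) {
        if (kctl(KEYCTL_INSTANTIATE_IOV, key, (long)iov, ioc, keyring) == -1)
            rc = -errno;
    } else {
        unsigned timeout, err = rejection_for(o, &timeout);
        if (reject_or_negate(key, timeout, err, keyring) == -1)
            rc = -errno;
    }
    /* Success revokes the authorisation key and wakes the requester; on
     * failure de-assume so this thread's later request_key() calls stop
     * searching the requester's keyrings with its credentials. */
    if (rc)
        kctl(KEYCTL_ASSUME_AUTHORITY, 0, 0, 0, 0);
    return rc;
}

/* Stand-in invocation `helper <key-id> [payload]` (a real helper is run by
 * /sbin/request-key as configured in request-key.conf(5)). */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <key-id> [payload]\n", argv[0]);
        return 2;
    }
    key_serial_t key = (key_serial_t)strtol(argv[1], NULL, 10);
    struct iovec iov[2];
    unsigned n = 0;
    enum outcome o = argc > 2 ? OUT_OK : OUT_NOT_FOUND;   /* backend stand-in */
    if (o == OUT_OK)                     /* constructed "v1:" header + body */
        n = payload_iov(iov, "v1:", 3, argv[2], strlen(argv[2]));
    int rc = finish_key(key, o, iov, n, KEY_SPEC_REQUESTOR_KEYRING);
    if (rc)
        fprintf(stderr, "key %d: %s\n", key, strerror(-rc));
    return rc ? 1 : 0;
}
```

Run by hand against an arbitrary key id the helper fails at the first step, typically with ENOKEY (no authorisation key in the caller's keyrings) or with EPERM where a sandbox filters keyctl(2); that is the expected result, since only a thread that has assumed the authority for that key may instantiate or reject it. Note that the de-assume on the failure path matters in a long-lived multithreaded instantiator: an authority left assumed silently changes which keyrings that thread's own request_key() calls search, and with whose credentials.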
On success keyctl_assume_authority(), keyctl_instantiate(), keyctl_instantiate_iov(), keyctl_negate() and keyctl_reject() return 0. On error, the value -1 will be returned and errno will have been set to an appropriate error.
ENOKEY
       The key or keyring specified is invalid.
EKEYEXPIRED
       The keyring specified has expired.
EKEYREVOKED
       The key or keyring specified had been revoked, or the authorisation has been revoked.
EINVAL
       The payload data was invalid.
ENOMEM
       Insufficient memory to store the new payload or to expand the destination keyring.
EDQUOT
       The key quota for the key's user would be exceeded by increasing the size of the key to accommodate the new payload, or the key quota for the keyring's user would be exceeded by expanding the destination keyring.
EACCES
       The key exists, but is not writable by the requester.
This is a library function that can be found in libkeyutils. When linking, -lkeyutils should be specified to the linker.
keyctl(1), add_key(2), keyctl(2), request_key(2), keyctl(3), request-key(8), keyutils(7), keyrings(7)