Man Pages

keyctl_negate(3) - phpMan keyctl_negate(3) - phpMan

Command: man perldoc info search(apropos)  


KEYCTL_INSTANTIATE(3)     Linux Key Management Calls     KEYCTL_INSTANTIATE(3)



NAME
       keyctl_assume_authority  -  Assume  the  authority  to instantiate a key keyctl_instantiate - Instantiate a key
       keyctl_negate - Negatively instantiate a key

SYNOPSIS
       #include <keyutils.h>

       long keyctl_assume_authority(key_serial_t key);

       long keyctl_instantiate(key_serial_t key, const char *payload,
       size_t plen, key_serial_t keyring);

       long keyctl_negate(key_serial_t key, unsigned timeout,
       key_serial_t keyring);

DESCRIPTION
       keyctl_assume_authority() assumes the authority for the calling thread to deal with and instantiate the  speci-
       fied uninstantiated key.

       The  calling thread must have the appopriate authorisation key resident in one of its keyrings for this to suc-
       ceed, and that authority must not have been revoked.

       The authorising key is allocated by request_key() when it needs to invoke userspace to generate a key  for  the
       requesting process.  This is then attached to one of the keyrings of the userspace process to which the task of
       instantiating the key is given:

              requester -> request_key() -> instantiator

       Calling this function modifies the way request_key() works when called thereafter by the calling (instantiator)
       thread;  once the authority is assumed, the keyrings of the initial process are added to the search path, using
       the initial process's UID, GID, groups and security context.

       If a thread has multiple instantiations to deal with, it may call this function to change the authorisation key
       currently in effect.  Supplying a zero key de-assumes the currently assumed authority.

       NOTE!   This  is a per-thread setting and not a per-process setting so that a multithreaded process can be used
       to instantiate several keys at once.

       keyctl_instantiate() instantiates the payload of an uninstantiated key from the data  specified.   payload  and
       plen  specify  the  data for the new payload.  payload may be NULL and plen may be zero if the key type permits
       that.  The key type may reject the data if it's in the wrong format or in some other way invalid.

       keyctl_negate() marks a key as negatively instantiated and sets the expiration timer on it.  timeout  specifies
       the lifetime of the key in seconds.

       Only  a  key  for  which  authority  has  been assumed may be instantiated or negatively instantiated, and once
       instantiated, the authorisation key will be revoked and the requesting process will be able to resume.

       The destination keyring, if given, is assumed to belong to the initial requester,  and  not  the  instantiating
       process.   Therefore, the special keyring IDs refer to the requesting process's keyrings, not the caller's, and
       the requester's UID, etc. will be used to access them.

       The destination keyring can be zero if no extra link is desired.

       The requester, not the caller, must have write permission on the destination for a link to be made there.

RETURN VALUE
       On success keyctl_instantiate() returns 0.  On error, the value -1 will be returned and errno  will  have  been
       set to an appropriate error.

ERRORS
       ENOKEY The key or keyring specified is invalid.

       EKEYEXPIRED
              The keyring specified has expired.

       EKEYREVOKED
              The key or keyring specified had been revoked, or the authorisation has been revoked.

       EINVAL The payload data was invalid.

       ENOMEM Insufficient memory to store the new payload or to expand the destination keyring.

       EDQUOT The  key quota for the key's user would be exceeded by increasing the size of the key to accommodate the
              new payload or the key quota for the keyring's user would  be  exceeded  by  expanding  the  destination
              keyring.

       EACCES The key exists, but is not writable by the requester.

LINKING
       This  is  a library function that can be found in libkeyutils.  When linking, -lkeyutils should be specified to
       the linker.

SEE ALSO
       keyctl(1),
       add_key(2),
       keyctl(2),
       request_key(2),
       keyctl(3),
       request-key(8)



Linux                             4 May 2006             KEYCTL_INSTANTIATE(3)