]>
Commit | Line | Data |
---|---|---|
4509c62e MK |
1 | .\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. |
2 | .\" Written by David Howells (dhowells@redhat.com) | |
3 | .\" | |
23dbdcbe | 4 | .\" %%%LICENSE_START(GPLv2+_SW_ONEPARA) |
4509c62e MK |
5 | .\" This program is free software; you can redistribute it and/or |
6 | .\" modify it under the terms of the GNU General Public License | |
7 | .\" as published by the Free Software Foundation; either version | |
8 | .\" 2 of the License, or (at your option) any later version. | |
722b6788 | 9 | .\" %%%LICENSE_END |
4509c62e | 10 | .\" |
67d2c687 | 11 | .TH KEYCTL 2 2015-05-07 Linux "Linux Key Management Calls" |
4509c62e | 12 | .SH NAME |
f68512e9 | 13 | keyctl \- manipulate the kernel's key management facility |
4509c62e MK |
14 | .SH SYNOPSIS |
15 | .nf | |
16 | .B #include <keyutils.h> | |
17 | .sp | |
fa76da80 ES |
18 | .BI "long keyctl(int " cmd ", ...)" |
19 | .sp | |
60fc9e95 | 20 | .B "/* For direct call via syscall(2): */" |
fa76da80 ES |
21 | .B #include <asm/unistd.h> |
22 | .B #include <linux/keyctl.h> | |
23 | .B #include <unistd.h> | |
24 | .sp | |
9a9febc8 MK |
25 | .BI "long syscall(__NR_keyctl, int " option ", __kernel_ulong_t " arg2 , |
26 | .BI " __kernel_ulong_t " arg3 ", __kernel_ulong_t " arg4 , | |
27 | .BI " __kernel_ulong_t " arg5 ); | |
6030f2d8 | 28 | .fi |
4509c62e MK |
29 | .SH DESCRIPTION |
30 | .BR keyctl () | |
60fc9e95 MK |
31 | allows user-space programs to perform key manipulation. |
32 | ||
33 | The operation performed by | |
fa76da80 | 34 | .BR keyctl () |
60fc9e95 MK |
35 | is determined by the value of the |
36 | .I option | |
37 | argument. | |
38 | Each of these operations is wrapped by | |
39 | .B libkeyutils | |
40 | into individual functions (listed under SEE ALSO) | |
41 | to permit the compiler to check types. | |
42 | ||
43 | The permitted values for | |
fa76da80 | 44 | .I option |
60fc9e95 | 45 | are: |
4509c62e | 46 | .TP |
9d7346eb | 47 | .BR KEYCTL_GET_KEYRING_ID " (since Linux 2.6.11)" |
d6c7244f MK |
48 | Map a special key ID to a real key ID for this process. |
49 | ||
50 | This operation looks up the special key whose ID is provided in | |
fa76da80 | 51 | .I arg2 |
fd2d68f9 | 52 | (cast to |
d6c7244f MK |
53 | .IR key_serial_t ) |
54 | and (if it is found) the ID of corresponding real key is returned | |
55 | ||
56 | If the key specified in | |
57 | .I arg2 | |
58 | does not exist, then a new key is created if the | |
fa76da80 | 59 | .I arg3 |
fd2d68f9 | 60 | argument (cast to |
d6c7244f MK |
61 | .IR int ) |
62 | contains a non-zero value; otherwise the operation fails with the error | |
63 | .BR ENOKEY . | |
60fc9e95 MK |
64 | |
65 | The caller must have | |
fa76da80 | 66 | .I search |
60fc9e95 MK |
67 | permission on a keyring in order for it to be found. |
68 | ||
69 | The arguments | |
70 | .IR arg4 | |
71 | and | |
72 | .IR arg5 | |
fa76da80 | 73 | are ignored. |
d6c7244f MK |
74 | |
75 | This operation is exposed by | |
76 | .I libkeyutils | |
77 | via the function | |
78 | .BR keyctl_get_keyring_ID (3). | |
4509c62e | 79 | .TP |
9d7346eb | 80 | .BR KEYCTL_JOIN_SESSION_KEYRING " (since Linux 2.6.11)" |
f9fa5a66 MK |
81 | Replace the session keyring this process subscribes to with |
82 | a new session keyring. | |
83 | ||
84 | If | |
fa76da80 | 85 | .I arg2 |
f9fa5a66 MK |
86 | is NULL, |
87 | an anonymous keyring with the description "_ses" is created | |
88 | and the process is subscribed to that keyring as its session keyring, | |
89 | displacing the previous session keyring. | |
60fc9e95 | 90 | |
f9fa5a66 MK |
91 | Otherwise, |
92 | .I arg2 | |
fd2d68f9 | 93 | (cast to |
f9fa5a66 MK |
94 | .IR "char\ *" ) |
95 | is treated as the description (name) of a keyring, | |
96 | and the behavior is as follows: | |
97 | .RS | |
98 | .IP * 3 | |
99 | If a keyring with a matching description exists, | |
100 | the process will attempt to subscribe to that keyring if possible; | |
101 | if that is not possible, an error is returned. | |
102 | .\" FIXME What error is returned? | |
103 | In order to subscribe to the keyring, | |
104 | the caller must have | |
fa76da80 | 105 | .I search |
f9fa5a66 MK |
106 | permission on the keyring. |
107 | .IP * | |
108 | If a keyring with a matching description does not exist, | |
109 | then a new keyring with that description is created, | |
110 | and the process is subscribed to that keyring as its session keyring, | |
111 | displacing the previous session keyring. | |
112 | .RE | |
113 | .IP | |
60fc9e95 MK |
114 | The arguments |
115 | .IR arg3 , | |
116 | .IR arg4 , | |
117 | and | |
118 | .IR arg5 | |
fa76da80 | 119 | are ignored. |
f9fa5a66 MK |
120 | |
121 | This operation is exposed by | |
122 | .I libkeyutils | |
123 | via the function | |
124 | .BR keyctl_join_session_keyring (3). | |
4509c62e | 125 | .TP |
9d7346eb | 126 | .BR KEYCTL_UPDATE " (since Linux 2.6.11)" |
60fc9e95 | 127 | Update a key's data payload. |
581f8203 | 128 | |
461a8ce5 | 129 | The |
fa76da80 | 130 | .I arg2 |
fd2d68f9 | 131 | argument (cast to |
fa76da80 | 132 | .IR key_serial_t ) |
581f8203 | 133 | specifies the ID of the key to be updated. |
60fc9e95 | 134 | The |
fa76da80 | 135 | .I arg3 |
fd2d68f9 | 136 | argument (cast to |
581f8203 MK |
137 | .IR "void\ *" ) |
138 | points to the new payload and | |
fa76da80 | 139 | .I arg4 |
fd2d68f9 | 140 | (cast to |
fa76da80 | 141 | .IR size_t ) |
581f8203 | 142 | contains the new payload size in bytes. |
60fc9e95 MK |
143 | |
144 | The caller must have | |
fa76da80 | 145 | .I write |
60fc9e95 | 146 | permission on the key specified and the key type must support updating. |
581f8203 MK |
147 | |
148 | .\" FIXME What does the following mean? | |
60fc9e95 MK |
149 | A negative key can be positively instantiated with this call. |
150 | ||
461a8ce5 | 151 | The |
fa76da80 ES |
152 | .I arg5 |
153 | argument is ignored. | |
581f8203 MK |
154 | |
155 | This operation is exposed by | |
156 | .I libkeyutils | |
157 | via the function | |
158 | .BR keyctl_update (3). | |
4509c62e | 159 | .TP |
9d7346eb | 160 | .BR KEYCTL_REVOKE " (since Linux 2.6.11)" |
60fc9e95 | 161 | Revoke the key with the ID provided in |
fa76da80 | 162 | .I arg2 |
fd2d68f9 | 163 | (cast to |
fa76da80 | 164 | .IR key_serial_t ). |
60fc9e95 MK |
165 | |
166 | The caller must have | |
cbf0e35e MK |
167 | .IR write |
168 | or | |
169 | .IR setattr | |
170 | permission on the key. | |
171 | .\" FIXME Keys with the KEY_FLAG_KEEP bit set cause an EPERM | |
172 | .\" error for KEYCTL_REVOKE. Does this need to be documented? | |
173 | .\" (It's not clear how KEY_FLAG_KEEP gets set.) | |
60fc9e95 MK |
174 | |
175 | The arguments | |
176 | .IR arg3 , | |
177 | .IR arg4 , | |
178 | and | |
179 | .IR arg5 | |
fa76da80 | 180 | are ignored. |
cbf0e35e MK |
181 | |
182 | This operation is exposed by | |
183 | .I libkeyutils | |
184 | via the function | |
185 | .BR keyctl_revoke (3). | |
4509c62e | 186 | .TP |
9d7346eb | 187 | .BR KEYCTL_CHOWN " (since Linux 2.6.11)" |
14694cb5 MK |
188 | Change the ownership (user and group ID) of a key. |
189 | ||
461a8ce5 | 190 | The |
fa76da80 | 191 | .I arg2 |
fd2d68f9 | 192 | argument (cast to |
fa76da80 | 193 | .IR key_serial_t ) |
60fc9e95 MK |
194 | contains the key ID. |
195 | The | |
fa76da80 | 196 | .I arg3 |
fd2d68f9 | 197 | argument (cast to |
fa76da80 | 198 | .IR uid_t ) |
60fc9e95 MK |
199 | contains the new user ID (or \-1 in case the user ID shouldn't be changed). |
200 | The | |
fa76da80 | 201 | .I arg4 |
fd2d68f9 | 202 | argument (cast to |
fa76da80 | 203 | .IR gid_t ) |
60fc9e95 | 204 | contains the new group ID (or \-1 in case the group ID shouldn't be changed). |
14694cb5 | 205 | |
fa76da80 ES |
206 | The key must grant the caller |
207 | .I setattr | |
461a8ce5 | 208 | permission. |
14694cb5 | 209 | |
461a8ce5 | 210 | For the UID to be changed, or for the GID to be changed to a group |
60fc9e95 MK |
211 | the caller is not a member of, the caller must have the |
212 | .B CAP_SYS_ADMIN | |
fa76da80 | 213 | capability (see |
60fc9e95 | 214 | .BR capabilities (7)). |
14694cb5 | 215 | |
461a8ce5 MK |
216 | If the UID is to be changed, the new user must have sufficient |
217 | quota to accept the key. | |
218 | The quota deduction will be removed from the old user | |
14694cb5 | 219 | to the new user should the UID be changed. |
60fc9e95 | 220 | |
461a8ce5 | 221 | The |
fa76da80 ES |
222 | .I arg5 |
223 | argument is ignored. | |
efd4c0cd MK |
224 | |
225 | This operation is exposed by | |
226 | .I libkeyutils | |
227 | via the function | |
228 | .BR keyctl_chown (3). | |
4509c62e | 229 | .TP |
9d7346eb | 230 | .BR KEYCTL_SETPERM " (since Linux 2.6.11)" |
60fc9e95 | 231 | Change the permissions of the key with the ID provided in the |
fa76da80 | 232 | .I arg2 |
fd2d68f9 | 233 | argument (cast to |
fa76da80 | 234 | .IR key_serial_t ) |
60fc9e95 | 235 | to the permissions provided in the |
fa76da80 | 236 | .I arg3 |
fd2d68f9 | 237 | argument (cast to |
3d20acc9 MK |
238 | .IR key_perm_t ). |
239 | ||
fa76da80 ES |
240 | The key must grant |
241 | .I setattr | |
461a8ce5 | 242 | permission to the caller. |
3d20acc9 MK |
243 | |
244 | If the caller doesn't have the | |
60fc9e95 MK |
245 | .B CAP_SYS_ADMIN |
246 | capability, it can change permissions only for the keys it owns. | |
3d20acc9 MK |
247 | (More precisely: the caller's filesystem UID must match the UID of the key.) |
248 | ||
249 | The permissions in | |
250 | .IR arg3 | |
251 | specify masks of available operations | |
252 | for each of the following user categories: | |
253 | .RS | |
254 | .TP | |
255 | .IR possessor " (since Linux 2.6.14)" | |
256 | .\" commit 664cceb0093b755739e56572b836a99104ee8a75 | |
257 | This is the permission granted to a process that possesses the key | |
258 | (has it attached searchably to one of the process's keyrings); | |
259 | see | |
260 | .BR keyrings (7). | |
261 | .TP | |
262 | .IR user | |
263 | This is the permission granted to a process | |
264 | whose filesystem UID matches the UID of the key. | |
265 | .TP | |
266 | .IR group | |
267 | This is the permission granted to a process | |
268 | whose filesystem GID or any of its supplementary GIDs | |
269 | matches the GID of the key. | |
270 | .TP | |
271 | .IR other | |
272 | This is the permission granted to other processes | |
273 | that do not match the | |
274 | .IR user | |
275 | and | |
276 | .IR group | |
277 | categories. | |
278 | .RE | |
279 | .IP | |
280 | The | |
281 | .IR user , | |
282 | .IR group , | |
283 | and | |
284 | .IR other | |
285 | categories are exclusive: if a process matches the | |
286 | .IR user | |
287 | category, it will not receive permissions granted in the | |
288 | .IR group | |
289 | category; if a process matches the | |
290 | .I user | |
291 | or | |
292 | .IR group | |
293 | category, then it will not receive permissions granted in the | |
294 | .IR other | |
295 | category. | |
296 | ||
297 | The | |
298 | .I possessor | |
299 | category grants permissions that are cumulative with the grants from the | |
300 | .IR user , | |
301 | .IR group , | |
302 | or | |
303 | .IR other | |
304 | category. | |
305 | ||
306 | Each permission mask is eight bits in size, | |
307 | with only six bits currently used. | |
461a8ce5 | 308 | The available permissions are: |
fa76da80 | 309 | .RS |
3d20acc9 MK |
310 | .TP |
311 | .IR view | |
312 | This permission allows reading attributes of a key. | |
313 | ||
314 | This permission is required for the | |
315 | .BR KEYCTL_DESCRIBE | |
316 | operation. | |
317 | ||
318 | The permission bits for each category are | |
319 | .BR KEY_POS_VIEW , | |
320 | .BR KEY_USR_VIEW , | |
321 | .BR KEY_GRP_VIEW , | |
322 | and | |
323 | .BR KEY_OTH_VIEW . | |
324 | .TP | |
325 | .IR read | |
326 | This permission allows reading a key's payload. | |
327 | ||
328 | This permission is required for the | |
329 | .BR KEYCTL_READ | |
330 | operation. | |
331 | ||
332 | The permission bits for each category are | |
333 | .BR KEY_POS_READ , | |
334 | .BR KEY_USR_READ , | |
335 | .BR KEY_GRP_READ , | |
336 | and | |
337 | .BR KEY_OTH_READ . | |
338 | .TP | |
339 | .IR write | |
340 | This permission allows update or instantiation of a key's payload. | |
341 | For a keyring, it allows keys to be linked and unlinked from the keyring, | |
342 | ||
343 | This permission is required for the | |
60fc9e95 MK |
344 | .BR KEYCTL_UPDATE , |
345 | .BR KEYCTL_REVOKE , | |
346 | .BR KEYCTL_CLEAR , | |
347 | .BR KEYCTL_LINK , | |
348 | and | |
3d20acc9 MK |
349 | .BR KEYCTL_UNLINK |
350 | operations. | |
351 | ||
352 | The permission bits for each category are | |
353 | .BR KEY_POS_WRITE , | |
354 | .BR KEY_USR_WRITE , | |
355 | .BR KEY_GRP_WRITE , | |
356 | and | |
357 | .BR KEY_OTH_WRITE . | |
358 | .TP | |
359 | .IR search | |
360 | This permission allows keyrings to be searched and keys to be found. | |
361 | Searches can recurse only into nested keyrings | |
461a8ce5 | 362 | that have search permission set. |
3d20acc9 MK |
363 | |
364 | This permission is required for the | |
60fc9e95 MK |
365 | .BR KEYCTL_GET_KEYRING_ID , |
366 | .BR KEYCTL_JOIN_SESSION_KEYRING , | |
367 | .BR KEYCTL_SEARCH , | |
368 | and | |
3d20acc9 MK |
369 | .BR KEYCTL_INVALIDATE |
370 | operations. | |
371 | ||
372 | The permission bits for each category are | |
373 | .BR KEY_POS_SEARCH , | |
374 | .BR KEY_USR_SEARCH , | |
375 | .BR KEY_GRP_SEARCH , | |
376 | and | |
377 | .BR KEY_OTH_SEARCH . | |
378 | .TP | |
379 | .IR link | |
380 | This permission allows a key or keyring to be linked to. | |
381 | ||
382 | This permission is required for the | |
60fc9e95 MK |
383 | .BR KEYCTL_LINK |
384 | and | |
3d20acc9 MK |
385 | .BR KEYCTL_SESSION_TO_PARENT |
386 | operations. | |
387 | ||
388 | The permission bits for each category are | |
389 | .BR KEY_POS_LINK , | |
390 | .BR KEY_USR_LINK , | |
391 | .BR KEY_GRP_LINK , | |
392 | and | |
393 | .BR KEY_OTH_LINK . | |
394 | .TP | |
395 | .IR setattr " (since Linux 2.6.15)." | |
396 | This permission allows a key's UID, GID, and permissions mask to be changed. | |
397 | ||
398 | This permission is required for the | |
60fc9e95 MK |
399 | .BR KEYCTL_REVOKE , |
400 | .BR KEYCTL_CHOWN , | |
401 | and | |
3d20acc9 MK |
402 | .BR KEYCTL_SETPERM |
403 | operations. | |
404 | ||
405 | The permission bits for each category are | |
406 | .BR KEY_POS_SETATTR , | |
407 | .BR KEY_USR_SETATTR , | |
408 | .BR KEY_GRP_SETATTR , | |
409 | and | |
410 | .BR KEY_OTH_SETATTR . | |
fa76da80 ES |
411 | .RE |
412 | .IP | |
3d20acc9 MK |
413 | As a convenience, the following macros are defined as masks for |
414 | all of the permission bits in each of the user categories: | |
415 | .BR KEY_POS_ALL , | |
416 | .BR KEY_USR_ALL, | |
417 | .BR KEY_GRP_ALL , | |
418 | and | |
419 | .BR KEY_OTH_ALL . | |
420 | ||
fa76da80 ES |
421 | The |
422 | .IR arg4 " and " arg5 | |
423 | arguments are ignored. | |
efd4c0cd MK |
424 | |
425 | This operation is exposed by | |
426 | .I libkeyutils | |
427 | via the function | |
428 | .BR keyctl_setperm (3). | |
4509c62e | 429 | .TP |
9d7346eb | 430 | .BR KEYCTL_DESCRIBE " (since Linux 2.6.11)" |
015c82d5 MK |
431 | Obtain a description of a key. |
432 | ||
433 | The ID of the key to be described is specified in | |
fa76da80 | 434 | .I arg2 |
015c82d5 | 435 | (cast to |
60fc9e95 | 436 | .IR key_serial_t ). |
015c82d5 | 437 | The description is returned in the buffer pointed to by |
fa76da80 | 438 | .I arg3 |
015c82d5 | 439 | (cast to |
740fecc2 | 440 | .IR "char\ *" ), |
015c82d5 | 441 | and |
fa76da80 | 442 | .I arg4 |
015c82d5 MK |
443 | (cast to |
444 | .IR size_t ) | |
445 | specifies the size of that buffer in bytes. | |
446 | ||
461a8ce5 | 447 | The key must grant the caller |
fa76da80 | 448 | .I view |
461a8ce5 | 449 | permission. |
015c82d5 MK |
450 | |
451 | The returned description contains the following information about the key: | |
452 | ||
453 | .in +4n | |
454 | .IR type ; uid ; gid ; perm ; description "<NUL>" | |
455 | .in | |
456 | ||
457 | In the above, | |
458 | .IR type | |
459 | and | |
460 | .IR description | |
461 | are strings, | |
462 | .IR uid | |
463 | and | |
464 | .IR gid | |
465 | are decimal strings, and | |
466 | .I perm | |
467 | is a hexadecimal permissions mask. | |
468 | The description is written with the following format string: | |
469 | ||
470 | %s;%d;%d;%08x;%s | |
471 | ||
472 | .BR "Note: the intention is that the key description string should" | |
473 | .BR "be extensible in future kernel versions". | |
474 | In particular, the | |
475 | .IR description | |
476 | field will not contain semicolons; | |
477 | it should be parsed by working backwards from the end of the string | |
478 | to find the last semicolon. | |
479 | This allows future semicolon-delimited fields to be inserted | |
480 | in the key description in the future. | |
481 | ||
482 | Writing to the buffer is attempted only when | |
483 | .IR arg3 | |
484 | is non-NULL and the specified buffer size | |
485 | is large enough to accept the description | |
486 | (including the terminating null byte). | |
487 | '\" Function commentary says it copies up to buflen bytes, but see the | |
fa76da80 ES |
488 | '\" (buffer && buflen >= ret) condition in keyctl_describe_key() in |
489 | '\" security/keyctl.c | |
015c82d5 MK |
490 | In order to determine whether the buffer size was too small, |
491 | check to see if the return value of the operation is greater than | |
492 | .IR arg4 . | |
493 | ||
461a8ce5 | 494 | The |
fa76da80 ES |
495 | .I arg5 |
496 | argument is ignored. | |
efd4c0cd MK |
497 | |
498 | This operation is exposed by | |
499 | .I libkeyutils | |
500 | via the function | |
501 | .BR keyctl_describe (3). | |
4509c62e | 502 | .TP |
a92d3bb4 | 503 | .B KEYCTL_CLEAR |
c97582e5 MK |
504 | Clear the contents of (i.e., unlink all keys from) a keyring. |
505 | ||
506 | The ID of the key | |
507 | (which must be of keyring type) | |
508 | .\" or the error ENOTDIR results | |
509 | is provided in | |
fa76da80 | 510 | .I arg2 |
c97582e5 | 511 | (cast to |
fa76da80 | 512 | .IR key_serial_t ). |
c97582e5 MK |
513 | .\" According to Documentation/security/keys.txt: |
514 | .\" This function can also be used to clear special kernel keyrings if they | |
515 | .\" are appropriately marked if the user has CAP_SYS_ADMIN capability. The | |
516 | .\" DNS resolver cache keyring is an example of this. | |
60fc9e95 MK |
517 | |
518 | The caller must have | |
fa76da80 | 519 | .I write |
c97582e5 | 520 | permission on the keyring. |
60fc9e95 MK |
521 | |
522 | The arguments | |
523 | .IR arg3 , | |
524 | .IR arg4 , | |
525 | and | |
526 | .IR arg5 | |
fa76da80 | 527 | are ignored. |
efd4c0cd MK |
528 | |
529 | This operation is exposed by | |
530 | .I libkeyutils | |
531 | via the function | |
532 | .BR keyctl_clear (3). | |
4509c62e | 533 | .TP |
9d7346eb | 534 | .BR KEYCTL_LINK " (since Linux 2.6.11)" |
c336c207 MK |
535 | Create a link from a keyring to a key. |
536 | ||
537 | The key to be linked is specified in | |
538 | .IR arg2 | |
539 | (cast to | |
540 | .IR key_serial_t ); | |
541 | the keyring is specified in | |
542 | .IR arg3 | |
543 | (cast to | |
544 | .IR key_serial_t ). | |
545 | ||
546 | If a key with the same type and description is already linked in the keyring, | |
547 | then that key is displaced from the keyring. | |
548 | ||
549 | Before creating the link, | |
550 | the kernel checks the nesting of the keyrings and returns appropriate errors | |
551 | if the nesting is too deep | |
552 | .\" KEYRING_SEARCH_MAX_DEPTH 6 | |
553 | or if the link would produce a cycle. | |
60fc9e95 MK |
554 | |
555 | The caller must have | |
fa76da80 ES |
556 | .I link |
557 | permission on the key being added and | |
558 | .I write | |
c336c207 | 559 | permission on the keyring. |
60fc9e95 MK |
560 | |
561 | The arguments | |
562 | .IR arg4 | |
563 | and | |
564 | .IR arg5 | |
fa76da80 | 565 | are ignored. |
efd4c0cd MK |
566 | |
567 | This operation is exposed by | |
568 | .I libkeyutils | |
569 | via the function | |
570 | .BR keyctl_link (3). | |
4509c62e | 571 | .TP |
9d7346eb | 572 | .BR KEYCTL_UNLINK " (since Linux 2.6.11)" |
2981a43f MK |
573 | Unlink a key from a keyring. |
574 | ||
575 | The ID of the key to be unlinked is specified in | |
fa76da80 | 576 | .I arg2 |
2981a43f MK |
577 | (cast to |
578 | .IR key_serial_t ); | |
579 | the ID of the keyring from which it is to be unlinked is specified in | |
fa76da80 | 580 | .I arg3 |
2981a43f MK |
581 | (cast to |
582 | .IR key_serial_t ). | |
583 | ||
584 | If the key is not currently linked into the keyring, an error results. | |
60fc9e95 MK |
585 | |
586 | The caller must have | |
fa76da80 | 587 | .I write |
60fc9e95 MK |
588 | permission on the keyring from which the key is being removed. |
589 | ||
2981a43f MK |
590 | If the last link to a key is removed, |
591 | then that key will be scheduled for destruction. | |
60fc9e95 MK |
592 | |
593 | The arguments | |
594 | .IR arg4 | |
595 | and | |
596 | .IR arg5 | |
fa76da80 | 597 | are ignored. |
efd4c0cd MK |
598 | |
599 | This operation is exposed by | |
600 | .I libkeyutils | |
601 | via the function | |
602 | .BR keyctl_unlink (3). | |
4509c62e | 603 | .TP |
9d7346eb | 604 | .BR KEYCTL_SEARCH " (since Linux 2.6.11)" |
4f5a5b13 MK |
605 | Search for a key in a keyring tree, |
606 | returning its ID and optionally linking it to a specified keyring. | |
607 | ||
608 | The tree to be searched is specified by passing | |
609 | the ID of the head keyring in | |
610 | .IR arg2 | |
611 | (cast to | |
fd2d68f9 | 612 | .IR key_serial_t ). |
4f5a5b13 MK |
613 | The search is performed breadth-first and recursively. |
614 | ||
461a8ce5 | 615 | The |
fa76da80 | 616 | .I arg3 |
4f5a5b13 | 617 | and |
fa76da80 | 618 | .I arg4 |
4f5a5b13 MK |
619 | arguments specify the key to be searched for: |
620 | .I arg3 | |
621 | (cast as | |
622 | .IR "char\ *" ) | |
623 | contains the key type | |
624 | (a null-terminated character string up to 32 bytes in size, | |
625 | including the terminating null byte), and | |
626 | .I arg4 | |
627 | (cast as | |
628 | .IR "char\ *" ) | |
629 | contains the description of the key | |
630 | (a null-terminated character string up to 4096 bytes in size, | |
631 | including the terminating null byte). | |
632 | ||
633 | The source keyring must grant | |
fa76da80 | 634 | .I search |
4f5a5b13 MK |
635 | permission to the caller. |
636 | When performing the recursive search, only keyrings that grant the caller | |
637 | .I search | |
638 | permission will be searched. | |
639 | Only keys with for which the caller has | |
fa76da80 | 640 | .I search |
461a8ce5 | 641 | permission can be found. |
60fc9e95 | 642 | |
4f5a5b13 MK |
643 | If the key is found, its ID is returned as the function result. |
644 | ||
645 | If the key is found and | |
fa76da80 | 646 | .I arg5 |
4f5a5b13 | 647 | (cast to |
fd2d68f9 | 648 | .IR key_serial_t ) |
4f5a5b13 MK |
649 | is nonzero, then, subject to the same constraints and rules as |
650 | .BR KEYCTL_LINK , | |
651 | the key is linked into the keyring whose ID is specified in | |
652 | .IR arg5 . | |
653 | If the destination keyring specified in | |
654 | .I arg5 | |
655 | already contains a link to a key that has the same type and description, | |
656 | then that link will be displaced by a link to | |
657 | the key found by this operation. | |
658 | ||
659 | Instead of valid existing keyring IDs, the source | |
660 | .RI ( arg2 ) | |
661 | and destination | |
662 | .RI ( arg5 ) | |
663 | keyrings can be one of the following special keyring IDs: | |
664 | .RS | |
665 | .TP | |
666 | .B KEY_SPEC_THREAD_KEYRING | |
667 | This specifies the caller's thread-specific keyring. | |
668 | See | |
669 | .BR thread_keyring (7). | |
670 | .TP | |
671 | .B KEY_SPEC_PROCESS_KEYRING | |
672 | This specifies the caller's process-specific keyring. | |
673 | See | |
674 | .BR process_keyring (7). | |
675 | .TP | |
676 | .B KEY_SPEC_SESSION_KEYRING | |
677 | This specifies the caller's session-specific keyring. | |
678 | See | |
679 | .BR session_keyring (7). | |
680 | .TP | |
681 | .B KEY_SPEC_USER_KEYRING | |
682 | This specifies the caller's UID-specific keyring. | |
683 | See | |
684 | .BR user_keyring (7). | |
685 | .TP | |
686 | .B KEY_SPEC_USER_SESSION_KEYRING | |
687 | This specifies the caller's UID-session keyring. | |
688 | See | |
689 | .BR user_session_keyring (7). | |
690 | .TP | |
691 | .BR KEY_SPEC_REQKEY_AUTH_KEY " (since Linux 2.6.16)" | |
692 | .\" commit b5f545c880a2a47947ba2118b2509644ab7a2969 | |
693 | This specifies the authorization key created by | |
694 | .BR request_key (2) | |
695 | and passed to the process it spawns to generate a key. | |
696 | .TP | |
697 | .BR KEY_SPEC_REQUESTOR_KEYRING " (since Linux 2.6.29)" | |
698 | .\" commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 | |
699 | This specifies the key ID for the | |
700 | .BR request_key (2) | |
701 | destination keyring. | |
702 | .\" FIXME What about: | |
703 | .\" KEY_SPEC_REQKEY_AUTH_KEY (2.6.16) | |
704 | .\" KEY_SPEC_REQUESTOR_KEYRING (2.6.29) | |
705 | .RE | |
706 | .IP | |
efd4c0cd MK |
707 | This operation is exposed by |
708 | .I libkeyutils | |
709 | via the function | |
710 | .BR keyctl_search (3). | |
4509c62e | 711 | .TP |
9d7346eb | 712 | .BR KEYCTL_READ " (since Linux 2.6.11)" |
8baa4815 MK |
713 | Read the payload data of a key. |
714 | ||
715 | The ID of the key whose payload is to be read is specified in | |
fa76da80 | 716 | .I arg2 |
8baa4815 | 717 | (cast to |
fd2d68f9 | 718 | .IR key_serial_t ). |
8baa4815 | 719 | The payload is placed in the buffer pointed by |
fa76da80 | 720 | .I arg3 |
8baa4815 | 721 | (cast to |
fd2d68f9 | 722 | .IR "char\ *" ); |
8baa4815 | 723 | the size of that buffer must be specified in |
fa76da80 | 724 | .I arg4 |
8baa4815 | 725 | (cast to |
fd2d68f9 | 726 | .IR size_t ). |
8baa4815 | 727 | |
461a8ce5 | 728 | The key must either grant the caller |
fa76da80 | 729 | .I read |
8baa4815 | 730 | permission, or grant the caller |
fa76da80 | 731 | .I search |
461a8ce5 | 732 | permission when searched for from the process keyrings. |
60fc9e95 | 733 | |
461a8ce5 | 734 | The |
fa76da80 ES |
735 | .I arg5 |
736 | argument is ignored. | |
efd4c0cd MK |
737 | |
738 | This operation is exposed by | |
739 | .I libkeyutils | |
740 | via the function | |
741 | .BR keyctl_read (3). | |
4509c62e | 742 | .TP |
9d7346eb | 743 | .BR KEYCTL_INSTANTIATE " (since Linux 2.6.11)" |
329c2892 | 744 | .\" FIXME There's a lot more detail to add here... |
9f79744c MK |
745 | Instantiate a partially constructed key with a specified payload. |
746 | ||
747 | The ID of the key to be instantiated is provided in | |
fa76da80 | 748 | .I arg2 |
9f79744c MK |
749 | (cast to |
750 | .IR key_serial_t ). | |
751 | ||
752 | The key payload is specified in the buffer pointed to by | |
fa76da80 | 753 | .I arg3 |
9f79744c MK |
754 | (cast to |
755 | .IR "void\ *"); | |
756 | the size of that buffer is specified in | |
fa76da80 | 757 | .I arg4 |
9f79744c | 758 | (cast to |
fd2d68f9 | 759 | .IR size_t ). |
9f79744c MK |
760 | |
761 | The payload may be a NULL pointer and the buffer size may be 0 | |
762 | if this is supported by the key type. | |
763 | The operation may be fail if the payload data is in the wrong format | |
764 | or is otherwise invalid. | |
765 | ||
766 | If | |
fa76da80 | 767 | .I arg5 |
9f79744c MK |
768 | (cast to |
769 | .IR key_serial_t ) | |
770 | is nonzero, then, subject to the same constraints and rules as | |
771 | .BR KEYCTL_LINK , | |
772 | the instantiated key is linked into the keyring whose ID specified in | |
773 | .IR arg5 . | |
774 | ||
775 | The caller must have the appropriate authorization key; | |
776 | see | |
777 | .BR request_key (2). | |
60fc9e95 | 778 | |
efd4c0cd MK |
779 | This operation is exposed by |
780 | .I libkeyutils | |
781 | via the function | |
782 | .BR keyctl_instantiate (3). | |
4509c62e | 783 | .TP |
9d7346eb | 784 | .BR KEYCTL_NEGATE " (since Linux 2.6.11)" |
39b91a53 | 785 | Negatively instantiate a partially constructed key. |
60fc9e95 | 786 | |
39b91a53 | 787 | This operation is equivalent to the call: |
60fc9e95 MK |
788 | |
789 | keyctl(KEYCTL_REJECT, arg2, arg3, ENOKEY, arg4); | |
790 | ||
fa76da80 ES |
791 | The |
792 | .I arg5 | |
793 | argument is ignored. | |
efd4c0cd MK |
794 | |
795 | This operation is exposed by | |
796 | .I libkeyutils | |
797 | via the function | |
798 | .BR keyctl_negate (3). | |
8ec6a211 | 799 | .TP |
fa76da80 | 800 | .BR KEYCTL_SET_REQKEY_KEYRING " (since Linux 2.6.13)" |
0a45d567 MK |
801 | Set the default keyring to which implicitly requested keys |
802 | .\" The implicit requests make use of the kernel-internal request_key() | |
803 | .\" function (which is not the same as the request_key(2) system call). | |
804 | will be linked for this thread, and return the previous setting. | |
805 | Implicit key requests can occur when, for example, opening files | |
806 | on an AFS or NFS filesystem. | |
807 | ||
461a8ce5 | 808 | The |
fa76da80 | 809 | .I arg2 |
fd2d68f9 MK |
810 | argument (cast to |
811 | .IR int ) | |
0a45d567 MK |
812 | should contain one of the following values, |
813 | to specify the new default keyring: | |
d1d5839d | 814 | .RS |
0a45d567 | 815 | .TP |
d1d5839d MK |
816 | .BR KEY_REQKEY_DEFL_NO_CHANGE |
817 | No change. | |
818 | .TP | |
819 | .BR KEY_REQKEY_DEFL_DEFAULT | |
0a45d567 MK |
820 | This selects the default behaviour, |
821 | which is to use the thread-specific keyring if there is one, | |
822 | otherwise the process-specific keyring if there is one, | |
823 | otherwise the session keyring if there is one, | |
824 | otherwise the UID-specific session keyring. | |
d1d5839d MK |
825 | .TP |
826 | .BR KEY_REQKEY_DEFL_THREAD_KEYRING | |
0a45d567 MK |
827 | Use the thread-specific keyring |
828 | .RB ( thread_keyring (7)) | |
829 | as the new default keyring. | |
d1d5839d MK |
830 | .TP |
831 | .BR KEY_REQKEY_DEFL_PROCESS_KEYRING | |
0a45d567 MK |
832 | Use the process-specific keyring |
833 | .RB ( process_keyring (7)) | |
834 | as the new default keyring. | |
835 | .TP | |
d1d5839d MK |
836 | .TP |
837 | .BR KEY_REQKEY_DEFL_SESSION_KEYRING | |
0a45d567 MK |
838 | Use the session-specific keyring |
839 | .RB ( session_keyring (7)) | |
840 | as the new default keyring. | |
d1d5839d MK |
841 | .TP |
842 | .BR KEY_REQKEY_DEFL_USER_KEYRING | |
0a45d567 MK |
843 | Use the UID-specific keyring |
844 | .RB ( user_keyring (7)) | |
845 | as the new default keyring. | |
d1d5839d | 846 | .TP |
0a45d567 MK |
847 | .BR KEY_REQKEY_DEFL_USER_SESSION_KEYRING |
848 | Use the UID-specific session keyring | |
849 | .RB ( user_session_keyring (7)) | |
850 | as the new default keyring. | |
d1d5839d MK |
851 | .TP |
852 | .BR KEY_REQKEY_DEFL_REQUESTOR_KEYRING " (since Linux 2.6.29)" | |
fa76da80 | 853 | '\" 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 |
0a45d567 MK |
854 | .\" FIXME The following needs to be expanded. |
855 | Use the requestor keyring. | |
d1d5839d MK |
856 | .RE |
857 | .IP | |
0a45d567 MK |
858 | All other values are invalid. |
859 | .\" (including the still-unsupported KEY_REQKEY_DEFL_GROUP_KEYRING) | |
60fc9e95 MK |
860 | |
861 | The arguments | |
862 | .IR arg3 , | |
863 | .IR arg4 , | |
864 | and | |
865 | .IR arg5 | |
fa76da80 | 866 | are ignored. |
efd4c0cd | 867 | |
0a45d567 MK |
868 | The setting controlled by this operation is inherited by the child of |
869 | .BR fork (2) | |
870 | and preserved across | |
871 | .BR execve (2). | |
872 | ||
efd4c0cd MK |
873 | This operation is exposed by |
874 | .I libkeyutils | |
875 | via the function | |
876 | .BR keyctl_set_reqkey_keyring (3). | |
8ec6a211 | 877 | .TP |
fa76da80 | 878 | .BR KEYCTL_SET_TIMEOUT " (since Linux 2.6.16)" |
adee7073 MK |
879 | Set a timeout on a key. |
880 | ||
881 | The ID of the key is specified in | |
fa76da80 | 882 | .I arg2 |
adee7073 MK |
883 | (cast to |
884 | .IR key_serial_t ). | |
885 | The timeout value, in seconds from the current time, | |
886 | is specified in | |
fa76da80 | 887 | .I arg3 |
adee7073 | 888 | (cast to |
fd2d68f9 | 889 | .IR "unsigned int" ). |
60fc9e95 | 890 | |
adee7073 MK |
891 | Specifying the timeout value as 0 clears any existing timeout on the key. |
892 | ||
60fc9e95 | 893 | The caller must either have the |
fa76da80 | 894 | .I setattr |
adee7073 MK |
895 | permission on the key |
896 | or hold an instantiation authorization token for the key (see | |
897 | .BR request_key (2)). | |
60fc9e95 | 898 | |
461a8ce5 MK |
899 | The key and any links to the key will be |
900 | automatically garbage collected after the timeout expires. | |
adee7073 MK |
901 | Subsequent attempts to access the key will then fail with the error |
902 | .BR EKEYEXPIRED . | |
903 | ||
904 | This operation cannot be used to set timeouts on negative, revoked, | |
905 | or expired keys. | |
60fc9e95 MK |
906 | |
907 | The arguments | |
908 | .IR arg4 | |
909 | and | |
910 | .IR arg5 | |
fa76da80 | 911 | are ignored. |
efd4c0cd MK |
912 | |
913 | This operation is exposed by | |
914 | .I libkeyutils | |
915 | via the function | |
916 | .BR keyctl_set_timeout (3). | |
8ec6a211 | 917 | .TP |
fa76da80 | 918 | .BR KEYCTL_ASSUME_AUTHORITY " (since Linux 2.6.16)" |
076432af MK |
919 | .\" FIXME More needs to be said for KEYCTL_ASSUME_AUTHORITY |
920 | Assume (or divest) the authority for the calling thread | |
921 | to instantiate a specified key. | |
922 | ||
923 | The | |
fa76da80 | 924 | .I arg2 |
fd2d68f9 | 925 | argument (cast to |
076432af MK |
926 | .IR key_serial_t ) |
927 | specifies either a nonzero key ID to assume authority, | |
928 | or the value 0 to divest authority. | |
929 | ||
930 | If | |
931 | .I arg2 | |
932 | is nonzero, then it specifies the ID of an uninstantiated key for which | |
933 | authority is to be assumed. | |
60fc9e95 | 934 | |
076432af MK |
935 | Authority of a key can be assumed only if the calling thread has present |
936 | in its keyrings the authorization key that is | |
937 | associated with the specified key. | |
938 | The caller must have | |
fa76da80 | 939 | .I search |
076432af MK |
940 | permission on the authorization key. |
941 | ||
942 | If the specified key has a matching authorization key, | |
943 | then the ID of that key is returned. | |
944 | The authorization key can be read to obtain | |
945 | the callout information passed to | |
946 | .BR request_key (2). | |
60fc9e95 | 947 | |
076432af | 948 | If the ID given in |
fa76da80 | 949 | .I arg2 |
076432af MK |
950 | is 0, then the currently assumed authority is cleared (divested), |
951 | and the value 0 is returned. | |
60fc9e95 MK |
952 | |
953 | The arguments | |
954 | .IR arg3 , | |
955 | .IR arg4 , | |
956 | and | |
957 | .IR arg5 | |
fa76da80 | 958 | are ignored. |
efd4c0cd MK |
959 | |
960 | This operation is exposed by | |
961 | .I libkeyutils | |
962 | via the function | |
963 | .BR keyctl_assume_authority (3). | |
fa76da80 ES |
964 | .TP |
965 | .BR KEYCTL_GET_SECURITY " (since Linux 2.6.26)" | |
60fc9e95 | 966 | Get the LSM security label of the specified key. |
461a8ce5 | 967 | The ID of the key should be provided in the |
fa76da80 | 968 | .I arg2 |
fd2d68f9 MK |
969 | argument (cast to |
970 | .IR key_serial_t ). | |
60fc9e95 | 971 | The buffer where the security label should be stored is provided in the |
fa76da80 | 972 | .I arg3 |
fd2d68f9 MK |
973 | argument (cast to |
974 | .IR "char\ *" ) | |
975 | with its size provided in the | |
fa76da80 | 976 | .I arg4 |
fd2d68f9 MK |
977 | argument (cast to |
978 | .IR size_t ). | |
60fc9e95 | 979 | |
461a8ce5 | 980 | The |
fa76da80 ES |
981 | .I arg5 |
982 | argument is ignored. | |
efd4c0cd MK |
983 | |
984 | This operation is exposed by | |
985 | .I libkeyutils | |
986 | via the function | |
987 | .BR keyctl_get_security (3) | |
988 | and | |
989 | .BR keyctl_get_security_alloc (3). | |
fa76da80 ES |
990 | .TP |
991 | .BR KEYCTL_SESSION_TO_PARENT " (since Linux 2.6.32)" | |
992 | Apply session keyring to parent process. | |
993 | .IP | |
461a8ce5 MK |
994 | Attempt to install the calling process's session keyring |
995 | on the process's parent process. | |
996 | The keyring must exist and must grant the caller | |
fa76da80 | 997 | .I link |
60fc9e95 MK |
998 | permission, and the parent process must be single-threaded and have |
999 | the same effective ownership as this process | |
1000 | and must not be be set-user-ID or set-group-ID. | |
fa76da80 ES |
1001 | .IP |
1002 | The keyring will be emplaced on the parent when it next resumes userspace. | |
60fc9e95 MK |
1003 | |
1004 | The arguments | |
1005 | .IR arg2 , | |
1006 | .IR arg3 , | |
1007 | .IR arg4 , | |
1008 | and | |
1009 | .IR arg5 | |
fa76da80 | 1010 | are ignored. |
efd4c0cd MK |
1011 | |
1012 | This operation is exposed by | |
1013 | .I libkeyutils | |
1014 | via the function | |
1015 | .BR keyctl_session_to_parent (3). | |
fa76da80 ES |
1016 | .TP |
1017 | .BR KEYCTL_REJECT " (since Linux 2.6.39)" | |
8ab24543 MK |
1018 | .\" commit fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c |
1019 | .\" We need some text here on why it is useful to negatively instantiate a key | |
1020 | Mark a key as negatively instantiated and set an expiration timer | |
1021 | on the key. | |
1022 | This operation provides a superset of the functionality of the earlier | |
1023 | .BR KEYCTL_NEGATE | |
1024 | operation. | |
1025 | ||
1026 | The ID of the key that is to be negatively instantiated is specified in | |
fa76da80 | 1027 | .I arg2 |
8ab24543 MK |
1028 | (cast to |
1029 | .IR key_serial_t ). | |
1030 | The | |
fa76da80 | 1031 | .I arg3 |
8ab24543 | 1032 | (cast to |
fd2d68f9 | 1033 | .IR "unsigned int" ) |
8ab24543 MK |
1034 | argument specifies the lifetime of the key, in seconds. |
1035 | The | |
fa76da80 | 1036 | .I arg4 |
fd2d68f9 | 1037 | argument (cast to |
8ab24543 MK |
1038 | .IR "unsigned int" ) |
1039 | specifies the error to be returned when a search hits this key; | |
1040 | typically, this is one of | |
1041 | .BR EKEYREJECTED , | |
1042 | .BR EKEYREVOKED , | |
1043 | or | |
1044 | .BR EKEYEXPIRED . | |
1045 | ||
1046 | If | |
fa76da80 | 1047 | .I arg5 |
8ab24543 MK |
1048 | (cast to |
1049 | .IR key_serial_t ) | |
1050 | is nonzero, then, subject to the same constraints and rules as | |
1051 | .BR KEYCTL_LINK , | |
1052 | the negatively instantiated key is linked into the keyring | |
1053 | whose ID specified in | |
1054 | .IR arg5 . | |
60fc9e95 | 1055 | |
461a8ce5 | 1056 | The caller must have the appropriate instantiation permit set |
60fc9e95 MK |
1057 | (authorization key, see |
1058 | .B KEYCTL_ASSUME_AUTHORITY | |
8ab24543 MK |
1059 | command and |
1060 | .BR request_key (2)). | |
d374e850 | 1061 | |
461a8ce5 | 1062 | Negative keys are used to rate limit repeated |
60fc9e95 | 1063 | .BR request_key (2) |
fa76da80 ES |
1064 | calls by causing them to return the error specified until the negative key |
1065 | expires. | |
efd4c0cd MK |
1066 | |
1067 | This operation is exposed by | |
1068 | .I libkeyutils | |
1069 | via the function | |
1070 | .BR keyctl_reject (3). | |
fa76da80 ES |
1071 | .TP |
1072 | .BR KEYCTL_INSTANTIATE_IOV " (since Linux 2.6.39)" | |
1f234c53 | 1073 | .\" commit ee009e4a0d4555ed522a631bae9896399674f063 |
329c2892 MK |
1074 | Instantiate a partially constructed key with a payload specified |
1075 | via a vector of buffers. | |
60fc9e95 | 1076 | |
329c2892 MK |
1077 | This operation is the same as |
1078 | .BR KEYCTL_INSTANTIATE , | |
1079 | but the payload data is specified as an array of | |
1080 | .IR iovec | |
1081 | structures: | |
1082 | ||
1083 | .in +4n | |
1084 | .nf | |
1085 | struct iovec { | |
1086 | void *iov_base; /* Starting address of buffer */ | |
1087 | size_t iov_len; /* Size of buffer (in bytes) */ | |
1088 | }; | |
1089 | .fi | |
1090 | .in | |
1091 | ||
1092 | The pointer to the payload vector is specified in | |
1093 | .IR arg3 | |
1094 | (cast as | |
1095 | .IR "const struct iovec\ *" ). | |
1096 | The number of items in the vector is specified in | |
1097 | .IR arg4 | |
1098 | (cast as | |
1099 | .IR "unsigned int" ). | |
60fc9e95 | 1100 | |
461a8ce5 | 1101 | The |
329c2892 MK |
1102 | .I arg2 |
1103 | (key ID) | |
1104 | and | |
fa76da80 | 1105 | .I arg5 |
329c2892 MK |
1106 | (keyring ID) |
1107 | are interpreted as for | |
1108 | .BR KEYCTL_INSTANTIATE . | |
efd4c0cd MK |
1109 | |
1110 | This operation is exposed by | |
1111 | .I libkeyutils | |
1112 | via the function | |
1113 | .BR keyctl_instantiate_iov (3). | |
fa76da80 ES |
1114 | .TP |
1115 | .BR KEYCTL_INVALIDATE " (since Linux 3.5)" | |
1f234c53 MK |
1116 | .\" commit fd75815f727f157a05f4c96b5294a4617c0557da |
1117 | Mark a key as invalid. | |
1118 | ||
1119 | The ID of the key to be invalidated is specified in | |
fa76da80 | 1120 | .I arg2 |
1f234c53 | 1121 | (cast to |
fd2d68f9 | 1122 | .IR key_serial_t ). |
60fc9e95 | 1123 | |
1f234c53 MK |
1124 | To invalidate a key, |
1125 | the caller must have | |
fa76da80 | 1126 | .I search |
1f234c53 MK |
1127 | permission on the key. |
1128 | .\" CAP_SYS_ADMIN is permitted to invalidate certain special keys | |
1129 | ||
1130 | This operation immediately marks the key as invalid | |
1131 | and schedules garbage collection. | |
1132 | The garbage collector removes the invalidated key from all keyrings and | |
1133 | deletes the key when its reference count reaches zero. | |
1134 | After this operation, | |
1135 | the key will be ignored by all searches, | |
1136 | even if it is not yet deleted. | |
1137 | ||
1138 | Keys that are marked invalid become invisible to normal key operations | |
1139 | immediately, though they are still visible in | |
1140 | .I /proc/keys | |
1141 | (marked with an 'i' flag) | |
1142 | until they are actually removed. | |
60fc9e95 MK |
1143 | |
1144 | The arguments | |
1145 | .IR arg3 , | |
1146 | .IR arg4 , | |
1147 | and | |
1148 | .IR arg5 | |
fa76da80 | 1149 | are ignored. |
efd4c0cd MK |
1150 | |
1151 | This operation is exposed by | |
1152 | .I libkeyutils | |
1153 | via the function | |
1154 | .BR keyctl_invalidate (3). | |
fa76da80 ES |
1155 | .TP |
1156 | .BR KEYCTL_GET_PERSISTENT " (since Linux 3.13)" | |
1157 | Get the persistent keyring of the user specified in the | |
1158 | .I arg2 | |
fd2d68f9 MK |
1159 | (cast to |
1160 | .IR uid_t ) | |
1161 | and link it to the keyring with the ID provided in the | |
fa76da80 | 1162 | .I arg3 |
fd2d68f9 MK |
1163 | argument (cast to |
1164 | .IR key_serial_t ). | |
60fc9e95 MK |
1165 | If \-1 is provided as UID, current user's ID is used. |
1166 | ||
1167 | The arguments | |
1168 | .IR arg4 | |
1169 | and | |
1170 | .IR arg5 | |
fa76da80 | 1171 | are ignored. |
efd4c0cd MK |
1172 | |
1173 | This operation is exposed by | |
1174 | .I libkeyutils | |
1175 | via the function | |
1176 | .BR keyctl_get_persistent (3). | |
fa76da80 ES |
1177 | .TP |
1178 | .BR KEYCTL_DH_COMPUTE " (since Linux 4.7)" | |
461a8ce5 MK |
1179 | Compute Diffie-Hellman values. |
1180 | The | |
fa76da80 ES |
1181 | .I arg2 |
1182 | argument is a pointer to | |
60fc9e95 | 1183 | .I struct keyctl_dh_params |
fa76da80 ES |
1184 | which is defined in |
1185 | .I <linux/keyctl.h> | |
1186 | as follows: | |
1187 | ||
1188 | .nf | |
1189 | .in +4n | |
1190 | struct keyctl_dh_params { | |
1191 | int32_t private; | |
1192 | int32_t prime; | |
1193 | int32_t base; | |
1194 | }; | |
1195 | .in | |
1196 | .fi | |
1197 | ||
60fc9e95 | 1198 | The |
fa76da80 | 1199 | .IR private ", " prime " and " base |
60fc9e95 | 1200 | fields are IDs of the keys, payload of which would be used for DH values |
461a8ce5 | 1201 | calculation. |
60fc9e95 | 1202 | The result is calculated as |
fa76da80 | 1203 | .IR "base^private mod prime" . |
60fc9e95 | 1204 | |
fa76da80 ES |
1205 | The |
1206 | .I arg3 | |
fd2d68f9 MK |
1207 | argument (cast to |
1208 | .IR "char\ *" ) | |
1209 | should point to an output buffer whose size is passed in the | |
fa76da80 | 1210 | .I arg4 |
fd2d68f9 MK |
1211 | argument (cast to |
1212 | .IR size_t ). | |
60fc9e95 MK |
1213 | The buffer should be big enough in order to accommodate the output data, |
1214 | otherwise an error is returned. | |
1215 | A NULL pointer can be provided as buffer in order | |
1216 | to obtain the required buffer size. | |
1217 | ||
461a8ce5 | 1218 | The |
fa76da80 | 1219 | .I arg5 |
60fc9e95 | 1220 | argument is reserved and must be 0. |
4509c62e | 1221 | .SH RETURN VALUE |
fa76da80 ES |
1222 | For a successful call, the return value depends on the operation: |
1223 | .TP | |
1224 | .B KEYCTL_GET_KEYRING_ID | |
1225 | The ID of the requested keyring. | |
1226 | .TP | |
1227 | .B KEYCTL_JOIN_SESSION_KEYRING | |
1228 | The ID of the joined session keyring. | |
1229 | .TP | |
1230 | .B KEYCTL_DESCRIBE | |
015c82d5 MK |
1231 | The size of the description (including the terminating null byte), |
1232 | irrespective of the provided buffer size. | |
fa76da80 ES |
1233 | .TP |
1234 | .B KEYCTL_SEARCH | |
d374e850 | 1235 | The ID of the key that was found. |
fa76da80 ES |
1236 | .TP |
1237 | .B KEYCTL_READ | |
8baa4815 MK |
1238 | The amount of data that is available in the key, |
1239 | irrespective of the provided buffer size. | |
fa76da80 ES |
1240 | .TP |
1241 | .B KEYCTL_SET_REQKEY_KEYRING | |
0a45d567 MK |
1242 | The ID of the previous default keyring |
1243 | to which implicitly requested keys were linked | |
1244 | (one of | |
1245 | .BR KEY_REQKEY_DEFL_USER_* ). | |
fa76da80 ES |
1246 | .TP |
1247 | .B KEYCTL_ASSUME_AUTHORITY | |
076432af MK |
1248 | Either 0, if the ID given was 0, |
1249 | or the ID of the authorization key matching the specified key, | |
1250 | if a non-zero key ID was provided. | |
fa76da80 ES |
1251 | .TP |
1252 | .B KEYCTL_GET_SECURITY | |
60fc9e95 | 1253 | The amount of information available (including the terminating null byte), |
fa76da80 ES |
1254 | irrespective of the provided buffer size. |
1255 | .TP | |
1256 | .B KEYCTL_GET_PERSISTENT | |
d374e850 | 1257 | The ID of the persistent keyring. |
fa76da80 ES |
1258 | .TP |
1259 | .B KEYCTL_DH_COMPUTE | |
1260 | Amount of bytes being copied. | |
1261 | .TP | |
1262 | All other commands | |
1263 | Zero. | |
1264 | .PP | |
1265 | On error, \-1 is returned, and | |
1266 | .I errno | |
1267 | is set appropriately to indicate the error. | |
4509c62e MK |
1268 | .SH ERRORS |
1269 | .TP | |
27807c32 | 1270 | .B EACCES |
60fc9e95 | 1271 | The requested operation wasn't permitted. |
27807c32 | 1272 | .TP |
c336c207 MK |
1273 | .B EDEADLK |
1274 | .I option | |
1275 | is | |
1276 | .BR KEYCTL_LINK | |
1277 | and the requested link would result in a cycle. | |
1278 | .TP | |
27807c32 MK |
1279 | .B EDQUOT |
1280 | The key quota for the caller's user would be exceeded by creating a key or | |
1281 | linking it to the keyring. | |
4509c62e | 1282 | .TP |
3d20acc9 MK |
1283 | .B EINVAL |
1284 | .I option | |
1285 | was | |
1286 | .B KEYCTL_SETPERM | |
1287 | and an invalid permission bit was specified in | |
1288 | .IR arg3 . | |
1289 | .TP | |
4509c62e MK |
1290 | .B EKEYEXPIRED |
1291 | An expired key was found or specified. | |
1292 | .TP | |
4509c62e MK |
1293 | .B EKEYREJECTED |
1294 | A rejected key was found or specified. | |
1295 | .TP | |
27807c32 MK |
1296 | .B EKEYREVOKED |
1297 | A revoked key was found or specified. | |
4509c62e | 1298 | .TP |
c336c207 MK |
1299 | .B ELOOP |
1300 | .I option | |
1301 | is | |
1302 | .BR KEYCTL_LINK | |
1303 | and the requested link would cause the maximum nesting depth | |
1304 | for keyrings to be exceeded. | |
1305 | .TP | |
27807c32 MK |
1306 | .B ENOKEY |
1307 | No matching key was found or an invalid key was specified. | |
fa76da80 | 1308 | .TP |
d6c7244f MK |
1309 | .B ENOKEY |
1310 | The value | |
1311 | .B KEYCTL_GET_KEYRING_ID | |
1312 | was specified in | |
1313 | .IR option , | |
1314 | the key specified in | |
1315 | .I arg2 | |
1316 | did not exist, and | |
1317 | .I arg3 | |
1318 | was zero (meaning don't create the key if it didn't exist). | |
1319 | .TP | |
581f8203 | 1320 | .B EOPNOTSUPP |
fa76da80 ES |
1321 | .I option |
1322 | is | |
1323 | .B KEYCTL_UPDATE | |
60fc9e95 | 1324 | and the key type does not support updating. |
fa76da80 ES |
1325 | .TP |
1326 | .B ENOTDIR | |
f8aead6a MK |
1327 | A key of keyring type was expected but the ID of a key with |
1328 | a different type was provided. | |
fa76da80 ES |
1329 | .TP |
1330 | .B ENFILE | |
c336c207 MK |
1331 | .\" FIXME Does this error really occur? I could not find where |
1332 | .\" in the kernel source it is generated, but have not tested | |
1333 | .\" this case from a user-space program | |
1334 | .IR option | |
1335 | is | |
1336 | .BR KEYCTL_LINK | |
1337 | and the keyring is full. | |
fa76da80 ES |
1338 | .TP |
1339 | .B ENOENT | |
1340 | .I option | |
1341 | is | |
1342 | .B KEYCTL_UNLINK | |
2981a43f | 1343 | and the key to be unlinked isn't linked to the keyring. |
fa76da80 ES |
1344 | .TP |
1345 | .B EINVAL | |
1346 | .I option | |
1347 | is | |
1348 | .B KEYCTL_DH_COMPUTE | |
60fc9e95 | 1349 | and the buffer size provided is not enough for the result to fit in. |
461a8ce5 | 1350 | Provide 0 as |
fa76da80 | 1351 | a buffer size in order to obtain minimum buffer size first. |
a5987bfd MK |
1352 | .SH VERSIONS |
1353 | This system call first appeared in Linux 2.6.11. | |
1354 | .SH CONFORMING TO | |
1355 | This system call is a nonstandard Linux extension. | |
60fc9e95 | 1356 | .SH NOTES |
4509c62e MK |
1357 | Although this is a Linux system call, it is not present in |
1358 | .I libc | |
1359 | but can be found rather in | |
1360 | .IR libkeyutils . | |
1361 | When linking, | |
60fc9e95 | 1362 | .B \-lkeyutils |
4509c62e | 1363 | should be specified to the linker. |
4509c62e | 1364 | .SH SEE ALSO |
e264f024 MK |
1365 | .ad l |
1366 | .nh | |
4509c62e | 1367 | .BR keyctl (1), |
4509c62e | 1368 | .BR add_key (2), |
4509c62e | 1369 | .BR request_key (2), |
4509c62e | 1370 | .BR keyctl_chown (3), |
4509c62e | 1371 | .BR keyctl_clear (3), |
cf4d4361 DP |
1372 | .BR keyctl_describe (3), |
1373 | .BR keyctl_describe_alloc (3), | |
1374 | .BR keyctl_get_keyring_ID (3), | |
4509c62e | 1375 | .BR keyctl_instantiate (3), |
cf4d4361 DP |
1376 | .BR keyctl_join_session_keyring (3), |
1377 | .BR keyctl_link (3), | |
4509c62e | 1378 | .BR keyctl_negate (3), |
d8f1a35c MK |
1379 | .BR keyctl_read (3), |
1380 | .BR keyctl_read_alloc (3), | |
cf4d4361 DP |
1381 | .BR keyctl_revoke (3), |
1382 | .BR keyctl_search (3), | |
4509c62e | 1383 | .BR keyctl_set_reqkey_keyring (3), |
4509c62e | 1384 | .BR keyctl_set_timeout (3), |
d8f1a35c | 1385 | .BR keyctl_setperm (3), |
cf4d4361 DP |
1386 | .BR keyctl_unlink (3), |
1387 | .BR keyctl_update (3), | |
32fc2407 | 1388 | .BR keyrings (7), |
4509c62e | 1389 | .BR request-key (8) |
7e7454ef | 1390 | |
bfc23228 MK |
1391 | The kernel source files |
1392 | .IR Documentation/security/keys.txt | |
1393 | and | |
1394 | .IR Documentation/security/keys-request-key.txt . |