+++ /dev/null
-.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-.\" Written by David Howells (dhowells@redhat.com)
-.\" and Copyright (C) 2016 Michael Kerrisk <mtk.man-pages@gmail.com>
-.\"
-.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
-.\" This program is free software; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License
-.\" as published by the Free Software Foundation; either version
-.\" 2 of the License, or (at your option) any later version.
-.\" %%%LICENSE_END
-.\"
-.TH ADD_KEY 2 2016-07-17 Linux "Linux Key Management Calls"
-.SH NAME
-add_key \- add a key to the kernel's key management facility
-.SH SYNOPSIS
-.nf
-.B #include <sys/types.h>
-.B #include <keyutils.h>
-.sp
-.BI "key_serial_t add_key(const char *" type ", const char *" description ,
-.BI " const void *" payload ", size_t " plen ,
-.BI " key_serial_t " keyring ");"
-.fi
-
-No glibc wrapper is provided for this system call; see NOTES.
-.SH DESCRIPTION
-.BR add_key ()
-creates or updates a key of the given
-.I type
-and
-.IR description ,
-instantiates it with the
-.I payload
-of length
-.IR plen ,
-attaches it to the nominated
-.IR keyring ,
-and return the key's serial number.
-.P
-The key type may reject the data if it is in the wrong format or
-is in some other way invalid.
-.P
-If the destination
-.I keyring
-already contains a key that matches the specified
-.IR type
-and
-.IR description ,
-then, if the key type supports it, that key will be updated rather than a new
-key being created; if not, a new key will be created and it will displace the
-link to the extant key from the keyring.
-.P
-The destination
-.I keyring
-serial number may be that of a valid keyring for which the caller has
-.I write
-permission, or it may be one of the following special keyring IDs:
-.TP
-.B KEY_SPEC_THREAD_KEYRING
-This specifies the caller's thread-specific keyring
-.RB ( thread-keyring (7)).
-.TP
-.B KEY_SPEC_PROCESS_KEYRING
-This specifies the caller's process-specific keyring
-.RB ( process-keyring (7)).
-.TP
-.B KEY_SPEC_SESSION_KEYRING
-This specifies the caller's session-specific keyring
-.RB ( session-keyring (7)).
-.TP
-.B KEY_SPEC_USER_KEYRING
-This specifies the caller's UID-specific keyring
-.RB ( user-keyring (7)).
-.TP
-.B KEY_SPEC_USER_SESSION_KEYRING
-This specifies the caller's UID-session keyring
-.RB ( user-session-keyring (7)).
-.SS Key types
-The key
-.I type
-is a string that specifies the key's type.
-Internally, the kernel defines a number of key types that are
-available in the core key management code.
-The following types are available for user-space use,
-and can be specified as the
-.I type
-argument to
-.BR add_key ():
-.TP
-.IR """user"""
-The payload for keys of this type is a blob of arbitrary data
-of up to 32,767 bytes.
-The
-.I description
-may be any valid string, though it is preferred that it
-start with a colon-delimited prefix representing the service
-to which the key is of interest
-(for instance
-.IR """afs:mykey""" ).
-.TP
-.I """keyring"""
-Keyrings are special key types that may contain links to sequences of other
-keys of any type.
-If this interface is used to create a keyring, then a NULL
-.I payload
-should be specified, and
-.I plen
-should be zero.
-.TP
-.IR """logon""" " (since Linux 3.3)"
-.\" commit 9f6ed2ca257fa8650b876377833e6f14e272848b
-This key type is essentially the same as
-.IR """user""" ,
-but does not provide reading (i.e., the
-.BR keyctl (2)
-.BR KEYCTL_READ
-operation),
-meaning that the key payload is never visible from user space.
-This is suitable for storing username and password pairs in the keyring
-that you do not want to be readable from user space.
-
-This key type also vets the
-.I description
-to ensure that it is qualified by a "service" prefix,
-by checking to ensure that the
-.I description
-contains a ':' that is preceded by other characters.
-.TP
-.IR """big_key""" " (since Linux 3.13)"
-.\" commit ab3c3587f8cda9083209a61dbe3a4407d3cada10
-This key type is similar to
-.IR """user""" ,
-but may hold a payload of up to 1 MiB.
-For this key type,
-the contents can be saved in a tmpfs filesystem and
-thus swapped out to disk when memory pressure is high.
-This key type is useful for tasks such as holding Kerberos ticket caches.
-.SH RETURN VALUE
-On success,
-.BR add_key ()
-returns the serial number of the key it created or updated.
-On error, \-1 is returned and
-.I errno
-is set to indicate the cause of the error.
-.SH ERRORS
-.TP
-.B EACCES
-The keyring wasn't available for modification by the user.
-.TP
-.B EDQUOT
-The key quota for this user would be exceeded by creating this key or linking
-it to the keyring.
-.TP
-.B EINVAL
-The size of the string (including the terminating null byte) specified in
-.I type
-or
-.I description
-exceeded the limit (32 bytes and 4096 bytes respectively).
-.TP
-.B EINVAL
-The payload data was invalid.
-.TP
-.B EINVAL
-.IR type
-was
-.IR """logon"""
-and the
-.I description
-was not qualified with a prefix string of the form
-.IR """service:""" .
-.TP
-.B EKEYEXPIRED
-The keyring has expired.
-.TP
-.B EKEYREVOKED
-The keyring has been revoked.
-.TP
-.B ENOKEY
-The keyring doesn't exist.
-.TP
-.B ENOMEM
-Insufficient memory to create a key.
-.SH VERSIONS
-This system call first appeared in Linux 2.6.11.
-.SH CONFORMING TO
-This system call is a nonstandard Linux extension.
-.SH NOTES
-No wrapper for this system call is provided in glibc.
-A wrapper is provided in the
-.IR libkeyutils
-package.
-When employing the wrapper in that library, link with
-.IR \-lkeyutils .
-.SH EXAMPLE
-The program below creates a key with the type, description, and payload
-specified in its command-line arguments,
-and links that key into the session keyring.
-The following shell session demonstrates the use of the program:
-
-.in +4n
-.nf
-$ \fB./a.out user mykey "Some payload"\fP
-Key ID is 64a4dca
-$ \fBgrep \(aq64a4dca\(aq /proc/keys\fP
-064a4dca I--Q--- 1 perm 3f010000 1000 1000 user mykey: 12
-.fi
-.in
-.SS Program source
-\&
-.nf
-#include <sys/types.h>
-#include <keyutils.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
- } while (0)
-
-int
-main(int argc, char *argv[])
-{
- key_serial_t key;
-
- if (argc != 4) {
- fprintf(stderr, "Usage: %s type description payload\\n",
- argv[0]);
- exit(EXIT_FAILURE);
- }
-
- key = add_key(argv[1], argv[2], argv[3], strlen(argv[3]),
- KEY_SPEC_SESSION_KEYRING);
- if (key == \-1)
- errExit("add_key");
-
- printf("Key ID is %lx\\n", (long) key);
-
- exit(EXIT_SUCCESS);
-}
-.fi
-.SH SEE ALSO
-.BR keyctl (1),
-.BR keyctl (2),
-.BR request_key (2),
-.BR keyctl (3),
-.BR keyutils (7),
-.BR keyrings (7),
-.BR persistent-keyring (7),
-.BR process-keyring (7),
-.BR session-keyring (7),
-.BR thread-keyring (7),
-.BR user-keyring (7),
-.BR user-session-keyring (7)
-
-The kernel source files
-.IR Documentation/security/keys.txt
-and
-.IR Documentation/security/keys-request-key.txt .
projects / thirdparty / man-pages.git / blobdiff