# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-06-01 05:59+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "keyctl" msgstr "" #. type: TH #: archlinux debian-unstable opensuse-tumbleweed #, no-wrap msgid "2024-05-02" msgstr "" #. type: TH #: archlinux debian-unstable #, no-wrap msgid "Linux man-pages 6.8" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "keyctl - manipulate the kernel's key management facility" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "LIBRARY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Standard C library (I, I<-lc>)" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Alternatively, Linux Key Management Utilities (I, I<-" "lkeyutils>); see VERSIONS." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "B<#include Elinux/keyctl.hE> /* Definition of B constants */\n" "B<#include Esys/syscall.hE> /* Definition of B constants */\n" "B<#include Eunistd.hE>\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "BIB<, unsigned long >IB<,>\n" "B< unsigned long >IB<, unsigned long >IB<,>\n" "B< unsigned long >IB<);>\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I: glibc provides no wrapper for B(), necessitating the use of " "B(2)." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B() allows user-space programs to perform key manipulation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The operation performed by B() is determined by the value of the " "I argument. Each of these operations is wrapped by the " "I library (provided by the I package) into individual " "functions (noted below) to permit the compiler to check types." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The permitted values for I are:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Map a special key ID to a real key ID for this process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation looks up the special key whose ID is provided in I " "(cast to I). If the special key is found, the ID of the " "corresponding real key is returned as the function result. The following " "values may be specified in I:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the calling thread's thread-specific keyring. See B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the caller's process-specific keyring. See B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the caller's session-specific keyring. See B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the caller's UID-specific keyring. See B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the caller's UID-session keyring. See B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.16)" msgstr "" #. commit b5f545c880a2a47947ba2118b2509644ab7a2969 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the authorization key created by B(2) and " "passed to the process it spawns to generate a key. This key is available " "only in a B(8)-style program that was passed an authorization " "key by the kernel and ceases to be available once the requested key has been " "instantiated; see B(2)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.29)" msgstr "" #. commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This specifies the key ID for the B(2) destination keyring. " "This keyring is available only in a B(8)-style program that was " "passed an authorization key by the kernel and ceases to be available once " "the requested key has been instantiated; see B(2)." msgstr "" #. The keyctl_get_keyring_ID.3 page says that a new key #. "will be created *if it is appropriate to do so**. What is the #. determiner for appropriate? #. David Howells: Some special keys such as KEY_SPEC_REQKEY_AUTH_KEY #. wouldn't get created but user/user-session/session keyring would #. be created. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The behavior if the key specified in I does not exist depends on the " "value of I (cast to I). If I contains a nonzero value, " "then\\[em]if it is appropriate to do so (e.g., when looking up the user, " "user-session, or session key)\\[em]a new key is created and its real key ID " "returned as the function result. Otherwise, the operation fails with the " "error B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If a valid key ID is specified in I, and the key exists, then this " "operation simply returns the key ID. If the key does not exist, the call " "fails with error B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have I permission on a keyring in order for it to be " "found." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The arguments I and I are ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. This may be useful in conjunction with some sort of #. session management framework that is employed by the application. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Replace the session keyring this process subscribes to with a new session " "keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I is NULL, an anonymous keyring with the description \"_ses\" is " "created and the process is subscribed to that keyring as its session " "keyring, displacing the previous session keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, I (cast to I) is treated as the description " "(name) of a keyring, and the behavior is as follows:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "\\[bu]" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If a keyring with a matching description exists, the process will attempt to " "subscribe to that keyring as its session keyring if possible; if that is not " "possible, an error is returned. In order to subscribe to the keyring, the " "caller must have I permission on the keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If a keyring with a matching description does not exist, then a new keyring " "with the specified description is created, and the process is subscribed to " "that keyring as its session keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The arguments I, I, and I are ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Update a key's data payload." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I argument (cast to I) specifies the ID of the key " "to be updated. The I argument (cast to I) points to the " "new payload and I (cast to I) contains the new payload size " "in bytes." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have I permission on the key specified and the key " "type must support updating." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A negatively instantiated key (see the description of B) can " "be positively instantiated with this operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The I argument is ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Revoke the key with the ID provided in I (cast to I). " "The key is scheduled for garbage collection; it will no longer be findable, " "and will be unavailable for further operations. Further attempts to use the " "key will fail with the error B." msgstr "" #. Keys with the KEY_FLAG_KEEP bit set cause an EPERM #. error for KEYCTL_REVOKE. Does this need to be documented? #. David Howells: No significance for user space. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The caller must have I or I permission on the key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Change the ownership (user and group ID) of a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I argument (cast to I) contains the key ID. The " "I argument (cast to I) contains the new user ID (or -1 in case " "the user ID shouldn't be changed). The I argument (cast to I) " "contains the new group ID (or -1 in case the group ID shouldn't be changed)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The key must grant the caller I permission." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "For the UID to be changed, or for the GID to be changed to a group the " "caller is not a member of, the caller must have the B " "capability (see B(7))." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the UID is to be changed, the new user must have sufficient quota to " "accept the key. The quota deduction will be removed from the old user to " "the new user should the UID be changed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Change the permissions of the key with the ID provided in the I " "argument (cast to I) to the permissions provided in the " "I argument (cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the caller doesn't have the B capability, it can change " "permissions only for the keys it owns. (More precisely: the caller's " "filesystem UID must match the UID of the key.)" msgstr "" #. FIXME Above, is it really intended that a privileged process can't #. override the lack of the 'setattr' permission? #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key must grant I permission to the caller I of the " "caller's capabilities." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permissions in I specify masks of available operations for each of " "the following user categories:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I (since Linux 2.6.14)" msgstr "" #. commit 664cceb0093b755739e56572b836a99104ee8a75 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This is the permission granted to a process that possesses the key (has it " "attached searchably to one of the process's keyrings); see B(7)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This is the permission granted to a process whose filesystem UID matches the " "UID of the key." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This is the permission granted to a process whose filesystem GID or any of " "its supplementary GIDs matches the GID of the key." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This is the permission granted to other processes that do not match the " "I and I categories." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I, I, and I categories are exclusive: if a process " "matches the I category, it will not receive permissions granted in the " "I category; if a process matches the I or I category, " "then it will not receive permissions granted in the I category." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I category grants permissions that are cumulative with the " "grants from the I, I, or I category." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Each permission mask is eight bits in size, with only six bits currently " "used. The available permissions are:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This permission allows reading attributes of a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This permission is required for the B operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, B, " "B, and B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This permission allows reading a key's payload." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This permission is required for the B operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, B, " "B, and B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission allows update or instantiation of a key's payload. For a " "keyring, it allows keys to be linked and unlinked from the keyring," msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission is required for the B, B, " "B, B, and B operations." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, " "B, B, and B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission allows keyrings to be searched and keys to be found. " "Searches can recurse only into nested keyrings that have I " "permission set." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission is required for the B, " "B, B, and B " "operations." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, " "B, B, and B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This permission allows a key or keyring to be linked to." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission is required for the B and " "B operations." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, B, " "B, and B." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I (since Linux 2.6.15)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission allows a key's UID, GID, and permissions mask to be changed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This permission is required for the B, B, and " "B operations." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The permission bits for each category are B, " "B, B, and B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As a convenience, the following macros are defined as masks for all of the " "permission bits in each of the user categories: B, " "B, B, and B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The I and I arguments are ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Obtain a string describing the attributes of a specified key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key to be described is specified in I (cast to " "I). The descriptive string is returned in the buffer pointed " "to by I (cast to I); I (cast to I) specifies " "the size of that buffer in bytes." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The key must grant the caller I permission." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The returned string is null-terminated and contains the following " "information about the key:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I;I;I;I;I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In the above, I and I are strings, I and I are " "decimal strings, and I is a hexadecimal permissions mask. The " "descriptive string is written with the following format:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "%s;%d;%d;%08x;%s\n" msgstr "" #. FIXME But, the kernel does not enforce the requirement #. that the key description contains no semicolons! #. So, user space has no guarantee here?? #. Either something more needs to be said here, #. or a kernel fix is required. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B B In particular, the I field will not " "contain semicolons; it should be parsed by working backwards from the end of " "the string to find the last semicolon. This allows future semicolon-" "delimited fields to be inserted in the descriptive string in the future." msgstr "" #. Function commentary says it copies up to buflen bytes, but see the #. (buffer && buflen >= ret) condition in keyctl_describe_key() in #. security/keyctl.c #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Writing to the buffer is attempted only when I is non-NULL and the " "specified buffer size is large enough to accept the descriptive string " "(including the terminating null byte). In order to determine whether the " "buffer size was too small, check to see if the return value of the operation " "is greater than I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Clear the contents of (i.e., unlink all keys from) a keyring." msgstr "" #. or the error ENOTDIR results #. According to Documentation/security/keys.txt: #. This function can also be used to clear special kernel keyrings if they #. are appropriately marked if the user has CAP_SYS_ADMIN capability. The #. DNS resolver cache keyring is an example of this. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key (which must be of keyring type) is provided in I " "(cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The caller must have I permission on the keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Create a link from a keyring to a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key to be linked is specified in I (cast to I); the " "keyring is specified in I (cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If a key with the same type and description is already linked in the " "keyring, then that key is displaced from the keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Before creating the link, the kernel checks the nesting of the keyrings and " "returns appropriate errors if the link would produce a cycle or if the " "nesting of keyrings would be too deep (The limit on the nesting of keyrings " "is determined by the kernel constant B, defined " "with the value 6, and is necessary to prevent overflows on the kernel stack " "when recursively searching keyrings)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have I permission on the key being added and I " "permission on the keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Unlink a key from a keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key to be unlinked is specified in I (cast to " "I); the ID of the keyring from which it is to be unlinked is " "specified in I (cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "If the key is not currently linked into the keyring, an error results." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have I permission on the keyring from which the key " "is being removed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the last link to a key is removed, then that key will be scheduled for " "destruction." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Search for a key in a keyring tree, returning its ID and optionally linking " "it to a specified keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The tree to be searched is specified by passing the ID of the head keyring " "in I (cast to I). The search is performed breadth-first " "and recursively." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I and I arguments specify the key to be searched for: " "I (cast as I) contains the key type (a null-terminated " "character string up to 32 bytes in size, including the terminating null " "byte), and I (cast as I) contains the description of the " "key (a null-terminated character string up to 4096 bytes in size, including " "the terminating null byte)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The source keyring must grant I permission to the caller. When " "performing the recursive search, only keyrings that grant the caller " "I permission will be searched. Only keys with for which the caller " "has I permission can be found." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "If the key is found, its ID is returned as the function result." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the key is found and I (cast to I) is nonzero, then, " "subject to the same constraints and rules as B, the key is " "linked into the keyring whose ID is specified in I. If the " "destination keyring specified in I already contains a link to a key " "that has the same type and description, then that link will be displaced by " "a link to the key found by this operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Instead of valid existing keyring IDs, the source (I) and destination " "(I) keyrings can be one of the special keyring IDs listed under " "B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Read the payload data of a key." msgstr "" #. including KEY_SPEC_REQKEY_AUTH_KEY #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key whose payload is to be read is specified in I (cast " "to I). This can be the ID of an existing key, or any of the " "special key IDs listed for B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The payload is placed in the buffer pointed by I (cast to I); the size of that buffer must be specified in I (cast to " "I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The returned data will be processed for presentation according to the key " "type. For example, a keyring will return an array of I " "entries representing the IDs of all the keys that are linked to it. The " "I key type will return its data as is. If a key type does not " "implement this function, the operation fails with the error B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I is not NULL, as much of the payload data as will fit is copied " "into the buffer. On a successful return, the return value is always the " "total size of the payload data. To determine whether the buffer was of " "sufficient size, check to see that the return value is less than or equal to " "the value supplied in I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key must either grant the caller I permission, or grant the caller " "I permission when searched for from the process keyrings (i.e., the " "key is possessed)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "(Positively) instantiate an uninstantiated key with a specified payload." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key to be instantiated is provided in I (cast to " "I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key payload is specified in the buffer pointed to by I (cast to " "I); the size of that buffer is specified in I (cast to " "I)." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "The payload may be a null pointer and the buffer size may be 0 if this is " "supported by the key type (e.g., it is a keyring)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The operation may be fail if the payload data is in the wrong format or is " "otherwise invalid." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I (cast to I) is nonzero, then, subject to the same " "constraints and rules as B, the instantiated key is linked into " "the keyring whose ID specified in I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have the appropriate authorization key, and once the " "uninstantiated key has been instantiated, the authorization key is revoked. " "In other words, this operation is available only from a B(8)-" "style program. See B(2) for an explanation of uninstantiated " "keys and key instantiation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.10)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Negatively instantiate an uninstantiated key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This operation is equivalent to the call:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "keyctl(KEYCTL_REJECT, arg2, arg3, ENOKEY, arg4);\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.13)" msgstr "" #. I.e., calls to the kernel's internal request_key() interface, #. which is distinct from the request_key(2) system call (which #. ultimately employs the kernel-internal interface). #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Set the default keyring to which implicitly requested keys will be linked " "for this thread, and return the previous setting. Implicit key requests are " "those made by internal kernel components, such as can occur when, for " "example, opening files on an AFS or NFS filesystem. Setting the default " "keyring also has an effect when requesting a key from user space; see " "B(2) for details." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I argument (cast to I) should contain one of the following " "values, to specify the new default keyring:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Don't change the default keyring. This can be used to discover the current " "default keyring (without changing it)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This selects the default behaviour, which is to use the thread-specific " "keyring if there is one, otherwise the process-specific keyring if there is " "one, otherwise the session keyring if there is one, otherwise the UID-" "specific session keyring, otherwise the user-specific keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the thread-specific keyring (B(7)) as the new default " "keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the process-specific keyring (B(7)) as the new default " "keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the session-specific keyring (B(7)) as the new default " "keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the UID-specific keyring (B(7)) as the new default " "keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use the UID-specific session keyring (B(7)) as the " "new default keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.29)" msgstr "" # # #. 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 #. FIXME The preceding explanation needs to be expanded. #. Is the following correct: #. The requestor keyring is the dest_keyring that #. was supplied to a call to request_key(2)? #. David Howells said: to be checked #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Use the requestor keyring." msgstr "" #. (including the still-unsupported KEY_REQKEY_DEFL_GROUP_KEYRING) #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "All other values are invalid." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The setting controlled by this operation is inherited by the child of " "B(2) and preserved across B(2)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.16)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Set a timeout on a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key is specified in I (cast to I). The " "timeout value, in seconds from the current time, is specified in I " "(cast to I). The timeout is measured against the realtime " "clock." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Specifying the timeout value as 0 clears any existing timeout on the key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I file displays the remaining time until each key will " "expire. (This is the only method of discovering the timeout on a key.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must either have the I permission on the key or hold an " "instantiation authorization token for the key (see B(2))." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key and any links to the key will be automatically garbage collected " "after the timeout expires. Subsequent attempts to access the key will then " "fail with the error B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation cannot be used to set timeouts on revoked, expired, or " "negatively instantiated keys." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.16)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Assume (or divest) the authority for the calling thread to instantiate a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I argument (cast to I) specifies either a nonzero " "key ID to assume authority, or the value 0 to divest authority." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I is nonzero, then it specifies the ID of an uninstantiated key for " "which authority is to be assumed. That key can then be instantiated using " "one of B, B, B, " "or B. Once the key has been instantiated, the thread is " "automatically divested of authority to instantiate the key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Authority over a key can be assumed only if the calling thread has present " "in its keyrings the authorization key that is associated with the specified " "key. (In other words, the B operation is available " "only from a B(8)-style program; see B(2) for an " "explanation of how this operation is used.) The caller must have I " "permission on the authorization key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the specified key has a matching authorization key, then the ID of that " "key is returned. The authorization key can be read (B) to " "obtain the callout information passed to B(2)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the ID given in I is 0, then the currently assumed authority is " "cleared (divested), and the value 0 is returned." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B mechanism allows a program such as B(8) to assume the necessary authority to instantiate a new " "uninstantiated key that was created as a consequence of a call to " "B(2). For further information, see B(2) and the " "kernel source file I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.26)" msgstr "" #. commit 70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Get the LSM (Linux Security Module) security label of the specified key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key whose security label is to be fetched is specified in " "I (cast to I). The security label (terminated by a null " "byte) will be placed in the buffer pointed to by I argument (cast to " "I); the size of the buffer must be provided in I (cast to " "I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I is specified as NULL or the buffer size specified in I is " "too small, the full size of the security label string (including the " "terminating null byte) is returned as the function result, and nothing is " "copied to the buffer." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The caller must have I permission on the specified key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The returned security label string will be rendered in a form appropriate to " "the LSM in force. For example, with SELinux, it may look like:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If no LSM is currently in force, then an empty string is placed in the " "buffer." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the functions " "B(3) and B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.32)" msgstr "" #. commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f #. What is the use case for KEYCTL_SESSION_TO_PARENT? #. David Howells: the Process Authentication Groups people requested this, #. but then didn't use it; maybe there are no users. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Replace the session keyring to which the I of the calling process " "subscribes with the session keyring of the calling process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The keyring will be replaced in the parent process at the point where the " "parent next transitions from kernel space to user space." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The keyring must exist and must grant the caller I permission. The " "parent process must be single-threaded and have the same effective ownership " "as this process and must not be set-user-ID or set-group-ID. The UID of the " "parent process's existing session keyring (f it has one), as well as the UID " "of the caller's session keyring much match the caller's effective UID." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The fact that it is the parent process that is affected by this operation " "allows a program such as the shell to start a child process that uses this " "operation to change the shell's session keyring. (This is what the " "B(1) B command does.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The arguments I, I, I, and I are ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.39)" msgstr "" #. commit fdd1b94581782a2ddf9124414e5b7a5f48ce2f9c #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Mark a key as negatively instantiated and set an expiration timer on the " "key. This operation provides a superset of the functionality of the earlier " "B operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key that is to be negatively instantiated is specified in " "I (cast to I). The I (cast to I) " "argument specifies the lifetime of the key, in seconds. The I " "argument (cast to I) specifies the error to be returned when " "a search hits this key; typically, this is one of B, " "B, or B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I (cast to I) is nonzero, then, subject to the same " "constraints and rules as B, the negatively instantiated key is " "linked into the keyring whose ID is specified in I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have the appropriate authorization key. In other words, " "this operation is available only from a B(8)-style program. " "See B(2)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 2.6.39)" msgstr "" #. commit ee009e4a0d4555ed522a631bae9896399674f063 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Instantiate an uninstantiated key with a payload specified via a vector of " "buffers." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is the same as B, but the payload data is " "specified as an array of I structures (see B(3type))." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The pointer to the payload vector is specified in I (cast as I). The number of items in the vector is specified in " "I (cast as I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I (key ID) and I (keyring ID) are interpreted as for " "B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 3.5)" msgstr "" #. commit fd75815f727f157a05f4c96b5294a4617c0557da #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Mark a key as invalid." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the key to be invalidated is specified in I (cast to " "I)." msgstr "" #. CAP_SYS_ADMIN is permitted to invalidate certain special keys #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "To invalidate a key, the caller must have I permission on the key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation marks the key as invalid and schedules immediate garbage " "collection. The garbage collector removes the invalidated key from all " "keyrings and deletes the key when its reference count reaches zero. After " "this operation, the key will be ignored by all searches, even if it is not " "yet deleted." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Keys that are marked invalid become invisible to normal key operations " "immediately, though they are still visible in I (marked with an " "'i' flag) until they are actually removed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 3.13)" msgstr "" #. commit f36f8c75ae2e7d4da34f4c908cebdb4aa42c977e #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Get the persistent keyring (B(7)) for a specified user " "and link it to a specified keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The user ID is specified in I (cast to I). If the value -1 is " "specified, the caller's real user ID is used. The ID of the destination " "keyring is specified in I (cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller must have the B capability in its user namespace in " "order to fetch the persistent keyring for a user ID that does not match " "either the real or effective user ID of the caller." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the call is successful, a link to the persistent keyring is added to the " "keyring whose ID was specified in I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The persistent keyring will be created by the kernel if it does not yet " "exist." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Each time the B operation is performed, the " "persistent keyring will have its expiration timeout reset to the value in:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "/proc/sys/kernel/keys/persistent_keyring_expiry\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Should the timeout be reached, the persistent keyring will be removed and " "everything it pins can then be garbage collected." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Persistent keyrings were added in Linux 3.13." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I via the function " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.7)" msgstr "" #. commit ddbb41148724367394d0880c516bfaeed127b52e #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Compute a Diffie-Hellman shared secret or public key, optionally applying " "key derivation function (KDF) to the result." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-rawhide opensuse-tumbleweed msgid "" "The I argument is a pointer to a set of parameters containing serial " "numbers for three I<\\[dq]user\\[dq]> keys used in the Diffie-Hellman " "calculation, packaged in a structure of the following form:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct keyctl_dh_params {\n" " int32_t private; /* The local private key */\n" " int32_t prime; /* The prime, known to both parties */\n" " int32_t base; /* The base integer: either a shared\n" " generator or the remote public key */\n" "};\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Each of the three keys specified in this structure must grant the caller " "I permission. The payloads of these keys are used to calculate the " "Diffie-Hellman result as:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "base \\[ha] private mod prime\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the base is the shared generator, the result is the local public key. If " "the base is the remote public key, the result is the shared secret." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I argument (cast to I) points to a buffer where the " "result of the calculation is placed. The size of that buffer is specified " "in I (cast to I)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The buffer must be large enough to accommodate the output data, otherwise an " "error is returned. If I is specified zero, in which case the buffer " "is not used and the operation returns the minimum required buffer size (i." "e., the length of the prime)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Diffie-Hellman computations can be performed in user space, but require a " "multiple-precision integer (MPI) library. Moving the implementation into " "the kernel gives access to the kernel MPI implementation, and allows access " "to secure or acceleration hardware." msgstr "" #. commit f1c316a3ab9d24df6022682422fe897492f2c0c8 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Adding support for DH computation to the B() system call was " "considered a good fit due to the DH algorithm's use for deriving shared " "keys; it also allows the type of the key to determine which DH " "implementation (software or hardware) is appropriate." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the I argument is B, then the DH result itself is returned. " "Otherwise (since Linux 4.12), it is a pointer to a structure which specifies " "parameters of the KDF operation to be applied:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct keyctl_kdf_params {\n" " char *hashname; /* Hash algorithm name */\n" " char *otherinfo; /* SP800-56A OtherInfo */\n" " __u32 otherinfolen; /* Length of otherinfo data */\n" " __u32 __spare[8]; /* Reserved */\n" "};\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field is a null-terminated string which specifies a hash " "name (available in the kernel's crypto API; the list of the hashes available " "is rather tricky to observe; please refer to the E<.UR https://www.kernel." "org\\:/doc\\:/html\\:/latest\\:/crypto\\:/architecture.html> \"Kernel Crypto " "API Architecture\" E<.UE> documentation for the information regarding how " "hash names are constructed and your kernel's source and configuration " "regarding what ciphers and templates with type B are " "available) to be applied to DH result in KDF operation." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field is an I data as described in SP800-56A " "section 5.8.1.2 and is algorithm-specific. This data is concatenated with " "the result of DH operation and is provided as an input to the KDF " "operation. Its size is provided in the I field and is limited " "by B constant that defined in I to a value of 64." msgstr "" #. commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B<__spare> field is currently unused. It was ignored until Linux 4.13 " "(but still should be user-addressable since it is copied to the kernel), and " "should contain zeros since Linux 4.13." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The KDF implementation complies with SP800-56A as well as with SP800-108 " "(the counter KDF)." msgstr "" #. keyutils commit 742c9d7b94051d3b21f9f61a73ed6b5f3544cb82 #. keyutils commit d68a981e5db41d059ac782071c35d1e8f3aaf61c #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is exposed by I (from I 1.5.10 " "onwards) via the functions B(3) and " "B(3)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.12)" msgstr "" #. commit 6563c91fd645556c7801748f15bc727c77fcd311 #. commit 7228b66aaf723a623e578aa4db7d083bb39546c9 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Apply a key-linking restriction to the keyring with the ID provided in " "I (cast to I). The caller must have I " "permission on the key. If I is NULL, any attempt to add a key to the " "keyring is blocked; otherwise it contains a pointer to a string with a key " "type name and I contains a pointer to string that describes the type-" "specific restriction. As of Linux 4.12, only the type \"asymmetric\" has " "restrictions defined:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Allows only keys that are signed by a key linked to the built-in keyring (\"." "builtin_trusted_keys\")." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Allows only keys that are signed by a key linked to the secondary keyring " "(\".secondary_trusted_keys\") or, by extension, a key in a built-in keyring, " "as the latter is linked to the former." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "BI" msgstr "" #. type: TQ #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "BIB<:chain>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I specifies the ID of a key of type \"asymmetric\", then only keys " "that are signed by this key are allowed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If I specifies the ID of a keyring, then only keys that are signed by a " "key linked to this keyring are allowed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If \":chain\" is specified, keys that are signed by a keys linked to the " "destination keyring (that is, the keyring with the ID specified in the " "I argument) are also allowed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that a restriction can be configured only once for the specified " "keyring; once a restriction is set, it can't be overridden." msgstr "" #. FIXME Document KEYCTL_RESTRICT_KEYRING, added in Linux 4.12 #. commit 6563c91fd645556c7801748f15bc727c77fcd311 #. Author: Mat Martineau #. See Documentation/security/keys.txt #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The argument I is ignored." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "RETURN VALUE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "For a successful call, the return value depends on the operation:" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The ID of the requested keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The ID of the joined session keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The size of the description (including the terminating null byte), " "irrespective of the provided buffer size." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The ID of the key that was found." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The amount of data that is available in the key, irrespective of the " "provided buffer size." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The ID of the previous default keyring to which implicitly requested keys " "were linked (one of B)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Either 0, if the ID given was 0, or the ID of the authorization key matching " "the specified key, if a nonzero key ID was provided." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The size of the LSM security label string (including the terminating null " "byte), irrespective of the provided buffer size." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The ID of the persistent keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The number of bytes copied to the buffer, or, if I is 0, the required " "buffer size." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "All other operations" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Zero." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "On error, -1 is returned, and I is set to indicate the error." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ERRORS" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The requested operation wasn't permitted." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and there was an error during crypto " "module initialization." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the requested link would result in a " "cycle." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the requested keyring " "restriction would result in a cycle." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The key quota for the caller's user would be exceeded by creating a key or " "linking it to the keyring." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and keyring provided in I " "argument already has a restriction set." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and one of the following has failed:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "copying of the I, provided in the I argument, " "from user space;" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "copying of the I, provided in the non-NULL I " "argument, from user space (in case kernel supports performing KDF operation " "on DH operation result);" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "copying of data pointed by the I field of the I from user space;" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "copying of data pointed by the I field of the I from user space if the I field was nonzero;" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "copying of the result to user space." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and an invalid permission bit was " "specified in I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the size of the description in I " "(including the terminating null byte) exceeded 4096 bytes." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "size of the string (including the terminating null byte) specified in " "I (the key type) or I (the key description) exceeded the limit " "(32 bytes and 4096 bytes respectively)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (before Linux 4.12)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I was B, argument I was non-NULL." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B And the digest size of the hashing " "algorithm supplied is zero." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the buffer size provided is not " "enough to hold the result. Provide 0 as a buffer size in order to obtain " "the minimum buffer size." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the hash name provided in the " "I field of the I pointed by I " "argument is too big (the limit is implementation-specific and varies between " "kernel versions, but it is deemed big enough for all valid algorithm names)." msgstr "" #. commit 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the I<__spare> field of the " "I provided in the I argument contains " "nonzero values." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "An expired key was found or specified." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "A rejected key was found or specified." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "A revoked key was found or specified." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the requested link would cause the " "maximum nesting depth for keyrings to be exceeded." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the buffer length exceeds " "B (which is 1024 currently) or the " "I field of the I passed in I " "exceeds B (which is 64 currently)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (before Linux 3.13)" msgstr "" #. commit b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the keyring is full. (Before Linux " "3.13, the available space for storing keyring links was limited to a single " "page of memory; since Linux 3.13, there is no fixed limit.)" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the key to be unlinked isn't linked to " "the keyring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the hashing algorithm specified in " "the I field of the I pointed by I " "argument hasn't been found." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the type provided in I " "argument doesn't support setting key linking restrictions." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "No matching key was found or an invalid key was specified." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The value B was specified in I, the key " "specified in I did not exist, and I was zero (meaning don't " "create the key if it didn't exist)." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "One of kernel memory allocation routines failed during the execution of the " "syscall." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A key of keyring type was expected but the ID of a key with a different type " "was provided." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-rawhide opensuse-tumbleweed msgid "" "I was B and the key type does not support reading (e." "g., the type is I<\\[dq]login\\[dq]>)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the key type does not support updating." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B, the type provided in I " "argument was \"asymmetric\", and the key specified in the restriction " "specification provided in I has type other than \"asymmetric\" or " "\"keyring\"." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B, I specified a UID other " "than the calling thread's real or effective UID, and the caller did not have " "the B capability." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and either: all of the UIDs " "(GIDs) of the parent process do not match the effective UID (GID) of the " "calling process; the UID of the parent's existing session keyring or the UID " "of the caller's session keyring did not match the effective UID of the " "caller; the parent process is not single-thread; or the parent process is " "B(1) or a kernel thread." msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I was B and the initialization of crypto " "modules has timed out." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "VERSIONS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A wrapper is provided in the I library. (The accompanying " "package provides the Ikeyutils.hE> header file.) However, rather " "than using this system call directly, you probably want to use the various " "library functions mentioned in the descriptions of individual operations " "above." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "STANDARDS" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "Linux." msgstr "" #. type: SH #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "HISTORY" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "Linux 2.6.10." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The program below provide subset of the functionality of the B(8) program provided by the I package. For informational " "purposes, the program records various information in a log file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As described in B(2), the B(8) program is invoked " "with command-line arguments that describe a key that is to be instantiated. " "The example program fetches and logs these arguments. The program assumes " "authority to instantiate the requested key, and then instantiates that key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The following shell session demonstrates the use of this program. In the " "session, we compile the program and then use it to temporarily replace the " "standard B(8) program. (Note that temporarily disabling the " "standard B(8) program may not be safe on some systems.) While " "our example program is installed, we use the example program shown in " "B(2) to request a key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "$ B\n" "$ B\n" "$ B\n" "$ B<./t_request_key user mykey somepayloaddata>\n" "Key ID is 20d035bf\n" "$ B\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Looking at the log file created by this program, we can see the command-line " "arguments supplied to our example program:" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "" "$ B\n" "Time: Mon Nov 7 13:06:47 2016\n" "\\&\n" "Command line arguments:\n" " argv[0]: /sbin/request-key\n" " operation: create\n" " key_to_instantiate: 20d035bf\n" " UID: 1000\n" " GID: 1000\n" " thread_keyring: 0\n" " process_keyring: 0\n" " session_keyring: 256e6a6\n" "\\&\n" "Key description: user;1000;1000;3f010000;mykey\n" "Auth key payload: somepayloaddata\n" "Destination keyring: 256e6a6\n" "Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The last few lines of the above output show that the example program was " "able to fetch:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "the description of the key to be instantiated, which included the name of " "the key (I);" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "the payload of the authorization key, which consisted of the data " "(I) passed to B(2);" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "the destination keyring that was specified in the call to B(2); " "and" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "the description of the authorization key, where we can see that the name of " "the authorization key matches the ID of the key that is to be instantiated " "(I<20d035bf>)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The example program in B(2) specified the destination keyring " "as B. By examining the contents of I, " "we can see that this was translated to the ID of the destination keyring " "(I<0256e6a6>) shown in the log output above; we can also see the newly " "created key with the name I and ID I<20d035bf>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "$ B\n" "0256e6a6 I--Q--- 194 perm 3f030000 1000 1000 keyring _ses: 3\n" "20d035bf I--Q--- 1 perm 3f010000 1000 1000 user mykey: 16\n" msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Program source" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "" "/* key_instantiate.c */\n" "\\&\n" "#include Eerrno.hE\n" "#include Ekeyutils.hE\n" "#include Estdint.hE\n" "#include Estdio.hE\n" "#include Estdlib.hE\n" "#include Estring.hE\n" "#include Esys/types.hE\n" "#include Etime.hE\n" "\\&\n" "#ifndef KEY_SPEC_REQUESTOR_KEYRING\n" "#define KEY_SPEC_REQUESTOR_KEYRING (-8)\n" "#endif\n" "\\&\n" "int\n" "main(int argc, char *argv[])\n" "{\n" " int akp_size; /* Size of auth_key_payload */\n" " int auth_key;\n" " char dbuf[256];\n" " char auth_key_payload[256];\n" " char *operation;\n" " FILE *fp;\n" " gid_t gid;\n" " uid_t uid;\n" " time_t t;\n" " key_serial_t key_to_instantiate, dest_keyring;\n" " key_serial_t thread_keyring, process_keyring, session_keyring;\n" "\\&\n" " if (argc != 8) {\n" " fprintf(stderr, \"Usage: %s op key uid gid thread_keyring \"\n" " \"process_keyring session_keyring\\en\", argv[0]);\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " fp = fopen(\"/tmp/key_instantiate.log\", \"w\");\n" " if (fp == NULL)\n" " exit(EXIT_FAILURE);\n" "\\&\n" " setbuf(fp, NULL);\n" "\\&\n" " t = time(NULL);\n" " fprintf(fp, \"Time: %s\\en\", ctime(&t));\n" "\\&\n" " /*\n" " * The kernel passes a fixed set of arguments to the program\n" " * that it execs; fetch them.\n" " */\n" " operation = argv[1];\n" " key_to_instantiate = atoi(argv[2]);\n" " uid = atoi(argv[3]);\n" " gid = atoi(argv[4]);\n" " thread_keyring = atoi(argv[5]);\n" " process_keyring = atoi(argv[6]);\n" " session_keyring = atoi(argv[7]);\n" "\\&\n" " fprintf(fp, \"Command line arguments:\\en\");\n" " fprintf(fp, \" argv[0]: %s\\en\", argv[0]);\n" " fprintf(fp, \" operation: %s\\en\", operation);\n" " fprintf(fp, \" key_to_instantiate: %jx\\en\",\n" " (uintmax_t) key_to_instantiate);\n" " fprintf(fp, \" UID: %jd\\en\", (intmax_t) uid);\n" " fprintf(fp, \" GID: %jd\\en\", (intmax_t) gid);\n" " fprintf(fp, \" thread_keyring: %jx\\en\",\n" " (uintmax_t) thread_keyring);\n" " fprintf(fp, \" process_keyring: %jx\\en\",\n" " (uintmax_t) process_keyring);\n" " fprintf(fp, \" session_keyring: %jx\\en\",\n" " (uintmax_t) session_keyring);\n" " fprintf(fp, \"\\en\");\n" "\\&\n" " /*\n" " * Assume the authority to instantiate the key named in argv[2].\n" " */\n" " if (keyctl(KEYCTL_ASSUME_AUTHORITY, key_to_instantiate) == -1) {\n" " fprintf(fp, \"KEYCTL_ASSUME_AUTHORITY failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " /*\n" " * Fetch the description of the key that is to be instantiated.\n" " */\n" " if (keyctl(KEYCTL_DESCRIBE, key_to_instantiate,\n" " dbuf, sizeof(dbuf)) == -1) {\n" " fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " fprintf(fp, \"Key description: %s\\en\", dbuf);\n" "\\&\n" " /*\n" " * Fetch the payload of the authorization key, which is\n" " * actually the callout data given to request_key().\n" " */\n" " akp_size = keyctl(KEYCTL_READ, KEY_SPEC_REQKEY_AUTH_KEY,\n" " auth_key_payload, sizeof(auth_key_payload));\n" " if (akp_size == -1) {\n" " fprintf(fp, \"KEYCTL_READ failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " auth_key_payload[akp_size] = \\[aq]\\e0\\[aq];\n" " fprintf(fp, \"Auth key payload: %s\\en\", auth_key_payload);\n" "\\&\n" " /*\n" " * For interest, get the ID of the authorization key and\n" " * display it.\n" " */\n" " auth_key = keyctl(KEYCTL_GET_KEYRING_ID,\n" " KEY_SPEC_REQKEY_AUTH_KEY);\n" " if (auth_key == -1) {\n" " fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " fprintf(fp, \"Auth key ID: %jx\\en\", (uintmax_t) auth_key);\n" "\\&\n" " /*\n" " * Fetch key ID for the request_key(2) destination keyring.\n" " */\n" " dest_keyring = keyctl(KEYCTL_GET_KEYRING_ID,\n" " KEY_SPEC_REQUESTOR_KEYRING);\n" " if (dest_keyring == -1) {\n" " fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " fprintf(fp, \"Destination keyring: %jx\\en\", (uintmax_t) dest_keyring);\n" "\\&\n" " /*\n" " * Fetch the description of the authorization key. This\n" " * allows us to see the key type, UID, GID, permissions,\n" " * and description (name) of the key. Among other things,\n" " * we will see that the name of the key is a hexadecimal\n" " * string representing the ID of the key to be instantiated.\n" " */\n" " if (keyctl(KEYCTL_DESCRIBE, KEY_SPEC_REQKEY_AUTH_KEY,\n" " dbuf, sizeof(dbuf)) == -1)\n" " {\n" " fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " fprintf(fp, \"Auth key description: %s\\en\", dbuf);\n" "\\&\n" " /*\n" " * Instantiate the key using the callout data that was supplied\n" " * in the payload of the authorization key.\n" " */\n" " if (keyctl(KEYCTL_INSTANTIATE, key_to_instantiate,\n" " auth_key_payload, akp_size + 1, dest_keyring) == -1)\n" " {\n" " fprintf(fp, \"KEYCTL_INSTANTIATE failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" "\\&\n" " exit(EXIT_SUCCESS);\n" "}\n" msgstr "" #. SRC END #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. .BR find_key_by_type_and_name (3) #. There is a man page, but this function seems not to exist #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B(1), B(2), B(2), B(3), " "B(3), B(3), B(3), " "B(3), B(3), B(3), " "B(3), B(3), " "B(3), B(3), " "B(3), B(3), " "B(3), B(3), " "B(3), B(3), B(3), " "B(3), B(3), B(3), " "B(3), B(3), B(3), " "B(3), B(3), " "B(3), B(3), B(3), " "B(3), B(3), " "B(7), B(7), B(7), B(7), " "B(7), B(7), B(7), " "B(7), B(7), B(7), B(7), B(8)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The kernel source files under I (or, before " "Linux 4.13, in the file I)." msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "2023-02-05" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "Linux man-pages 6.03" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "Alternatively, Linux Key Management Utilities (I, I<-" "lkeyutils>); see NOTES." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 msgid "" "The payload may be a NULL pointer and the buffer size may be 0 if this is " "supported by the key type (e.g., it is a keyring)." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 msgid "" "The I argument is a pointer to a set of parameters containing serial " "numbers for three I<\"user\"> keys used in the Diffie-Hellman calculation, " "packaged in a structure of the following form:" msgstr "" #. type: Plain text #: debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6 msgid "" "I was B and the key type does not support reading (e." "g., the type is I<\"login\">)." msgstr "" #. type: Plain text #: debian-bookworm msgid "This system call first appeared in Linux 2.6.10." msgstr "" #. type: Plain text #: debian-bookworm msgid "This system call is a nonstandard Linux extension." msgstr "" #. type: SH #: debian-bookworm #, no-wrap msgid "NOTES" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "$ B\n" "Time: Mon Nov 7 13:06:47 2016\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "Command line arguments:\n" " argv[0]: /sbin/request-key\n" " operation: create\n" " key_to_instantiate: 20d035bf\n" " UID: 1000\n" " GID: 1000\n" " thread_keyring: 0\n" " process_keyring: 0\n" " session_keyring: 256e6a6\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "Key description: user;1000;1000;3f010000;mykey\n" "Auth key payload: somepayloaddata\n" "Destination keyring: 256e6a6\n" "Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "/* key_instantiate.c */\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "#include Eerrno.hE\n" "#include Ekeyutils.hE\n" "#include Estdint.hE\n" "#include Estdio.hE\n" "#include Estdlib.hE\n" "#include Estring.hE\n" "#include Esys/types.hE\n" "#include Etime.hE\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "#ifndef KEY_SPEC_REQUESTOR_KEYRING\n" "#define KEY_SPEC_REQUESTOR_KEYRING (-8)\n" "#endif\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" "int\n" "main(int argc, char *argv[])\n" "{\n" " int akp_size; /* Size of auth_key_payload */\n" " int auth_key;\n" " char dbuf[256];\n" " char auth_key_payload[256];\n" " char *operation;\n" " FILE *fp;\n" " gid_t gid;\n" " uid_t uid;\n" " time_t t;\n" " key_serial_t key_to_instantiate, dest_keyring;\n" " key_serial_t thread_keyring, process_keyring, session_keyring;\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " if (argc != 8) {\n" " fprintf(stderr, \"Usage: %s op key uid gid thread_keyring \"\n" " \"process_keyring session_keyring\\en\", argv[0]);\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " fp = fopen(\"/tmp/key_instantiate.log\", \"w\");\n" " if (fp == NULL)\n" " exit(EXIT_FAILURE);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid " setbuf(fp, NULL);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " t = time(NULL);\n" " fprintf(fp, \"Time: %s\\en\", ctime(&t));\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * The kernel passes a fixed set of arguments to the program\n" " * that it execs; fetch them.\n" " */\n" " operation = argv[1];\n" " key_to_instantiate = atoi(argv[2]);\n" " uid = atoi(argv[3]);\n" " gid = atoi(argv[4]);\n" " thread_keyring = atoi(argv[5]);\n" " process_keyring = atoi(argv[6]);\n" " session_keyring = atoi(argv[7]);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " fprintf(fp, \"Command line arguments:\\en\");\n" " fprintf(fp, \" argv[0]: %s\\en\", argv[0]);\n" " fprintf(fp, \" operation: %s\\en\", operation);\n" " fprintf(fp, \" key_to_instantiate: %jx\\en\",\n" " (uintmax_t) key_to_instantiate);\n" " fprintf(fp, \" UID: %jd\\en\", (intmax_t) uid);\n" " fprintf(fp, \" GID: %jd\\en\", (intmax_t) gid);\n" " fprintf(fp, \" thread_keyring: %jx\\en\",\n" " (uintmax_t) thread_keyring);\n" " fprintf(fp, \" process_keyring: %jx\\en\",\n" " (uintmax_t) process_keyring);\n" " fprintf(fp, \" session_keyring: %jx\\en\",\n" " (uintmax_t) session_keyring);\n" " fprintf(fp, \"\\en\");\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Assume the authority to instantiate the key named in argv[2].\n" " */\n" " if (keyctl(KEYCTL_ASSUME_AUTHORITY, key_to_instantiate) == -1) {\n" " fprintf(fp, \"KEYCTL_ASSUME_AUTHORITY failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Fetch the description of the key that is to be instantiated.\n" " */\n" " if (keyctl(KEYCTL_DESCRIBE, key_to_instantiate,\n" " dbuf, sizeof(dbuf)) == -1) {\n" " fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid " fprintf(fp, \"Key description: %s\\en\", dbuf);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Fetch the payload of the authorization key, which is\n" " * actually the callout data given to request_key().\n" " */\n" " akp_size = keyctl(KEYCTL_READ, KEY_SPEC_REQKEY_AUTH_KEY,\n" " auth_key_payload, sizeof(auth_key_payload));\n" " if (akp_size == -1) {\n" " fprintf(fp, \"KEYCTL_READ failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " auth_key_payload[akp_size] = \\[aq]\\e0\\[aq];\n" " fprintf(fp, \"Auth key payload: %s\\en\", auth_key_payload);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * For interest, get the ID of the authorization key and\n" " * display it.\n" " */\n" " auth_key = keyctl(KEYCTL_GET_KEYRING_ID,\n" " KEY_SPEC_REQKEY_AUTH_KEY);\n" " if (auth_key == -1) {\n" " fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid " fprintf(fp, \"Auth key ID: %jx\\en\", (uintmax_t) auth_key);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Fetch key ID for the request_key(2) destination keyring.\n" " */\n" " dest_keyring = keyctl(KEYCTL_GET_KEYRING_ID,\n" " KEY_SPEC_REQUESTOR_KEYRING);\n" " if (dest_keyring == -1) {\n" " fprintf(fp, \"KEYCTL_GET_KEYRING_ID failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid " fprintf(fp, \"Destination keyring: %jx\\en\", (uintmax_t) dest_keyring);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Fetch the description of the authorization key. This\n" " * allows us to see the key type, UID, GID, permissions,\n" " * and description (name) of the key. Among other things,\n" " * we will see that the name of the key is a hexadecimal\n" " * string representing the ID of the key to be instantiated.\n" " */\n" " if (keyctl(KEYCTL_DESCRIBE, KEY_SPEC_REQKEY_AUTH_KEY,\n" " dbuf, sizeof(dbuf)) == -1)\n" " {\n" " fprintf(fp, \"KEYCTL_DESCRIBE failed: %s\\en\", strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid " fprintf(fp, \"Auth key description: %s\\en\", dbuf);\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " /*\n" " * Instantiate the key using the callout data that was supplied\n" " * in the payload of the authorization key.\n" " */\n" " if (keyctl(KEYCTL_INSTANTIATE, key_to_instantiate,\n" " auth_key_payload, akp_size + 1, dest_keyring) == -1)\n" " {\n" " fprintf(fp, \"KEYCTL_INSTANTIATE failed: %s\\en\",\n" " strerror(errno));\n" " exit(EXIT_FAILURE);\n" " }\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 #, no-wrap msgid "" " exit(EXIT_SUCCESS);\n" "}\n" msgstr "" #. type: TH #: fedora-40 mageia-cauldron #, no-wrap msgid "2023-11-01" msgstr "" #. type: TH #: fedora-40 mageia-cauldron #, no-wrap msgid "Linux man-pages 6.06" msgstr "" #. type: TH #: fedora-rawhide #, no-wrap msgid "2024-02-25" msgstr "" #. type: TH #: fedora-rawhide #, no-wrap msgid "Linux man-pages 6.7" msgstr "" #. type: TH #: opensuse-leap-15-6 #, no-wrap msgid "2023-03-30" msgstr "" #. type: TH #: opensuse-leap-15-6 #, no-wrap msgid "Linux man-pages 6.04" msgstr "" #. type: TH #: opensuse-tumbleweed #, no-wrap msgid "Linux man-pages (unreleased)" msgstr ""