.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. .\" Written by David Howells (dhowells@redhat.com) .\" and Copyright (C) 2016 Michael Kerrisk .\" .\" %%%LICENSE_START(GPLv2+_SW_ONEPARA) .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License .\" as published by the Free Software Foundation; either version .\" 2 of the License, or (at your option) any later version. .\" %%%LICENSE_END .\" .TH REQUEST_KEY 2 2016-10-08 Linux "Linux Key Management Calls" .SH NAME request_key \- request a key from the kernel's key management facility .SH SYNOPSIS .nf .B #include .B #include .sp .BI "key_serial_t request_key(const char *" type ", const char *" description , .BI " const char *" callout_info , .BI " key_serial_t " keyring ");" .fi No glibc wrapper is provided for this system call; see NOTES. .SH DESCRIPTION .BR request_key () attempts to find a key of the given .I type with a description (name) that matches the specified .IR description . If the key is found, .BR request_key () attaches it to the nominated .I keyring and returns the key's serial number. .P .BR request_key () first recursively searches for a matching key in all of the keyrings attached to the calling process. The keyrings are searched in the order: thread-specific keyring, process-specific keyring, and then session keyring. .P .\" FIXME: The foillowing paragraph could be clearer If .BR request_key () is called from a program invoked by .BR request_key () on behalf of some other process to generate a key, then the keyrings of that other process will be searched next, using that other process's user ID, group ID, supplementary group IDs, and security context to control access. .P The search of the keyring tree is breadth-first: the keys in each keyring searched are checked for a match before any child keyrings are recursed into. Only keys for which the caller has .I search permission be found, and only keyrings for which the caller has .I search permission may be searched. .P If the key is not found, then, if .I callout_info is not NULL, the kernel will attempt to look further afield. In this case, the following steps are performed: .IP 1. 4 The kernel creates an uninstantiated key, U, with the requested .I type and .IR description . .IP 2. The kernel creates an authorization key, V, that refers to the key U and notes that the caller of .BR request_key (2) is (1) the context in which the key U should be instantiated and secured, and (2) the context from which associated key requests may be satisfied. The payload of the authorization key is the data supplied in .IR callout_info . .IP 3. The kernel creates a process that executes a user-space service such as .BR request-key (8) with a new session keyring that contains a link to the authorization key, V. .IP 4. The program spawned in the previous step: .RS .IP * 3 Assumes the authority to instantiate the key U using the .BR keyctl (2) .BR KEYCTL_ASSUME_AUTHORITY operation. .IP * Obtains the callout data from the authorization key V (using the .BR keyctl (2) .BR KEYCTL_READ operation with a key ID value of .BR KEY_SPEC_REQKEY_AUTH_KEY ). .IP * Instantiates the key (or execs another program that performs that task). .RE .P If these steps are also unsuccessful, then an error will be returned, and a temporary negative key will be installed in the nominated .IR keyring . .\" FIXME Is 'keyring' allowed to be NULL? Reading the source, it appears so, .\" with the result that the key is linked into a default keyring .\" as specified by KEYCTL_SET_REQKEY_KEYRING. This will expire after a few seconds, but will cause subsequent calls to .BR request_key () .\" FIXME Need an explanation here of why this is done. to fail until it does. .P The .I keyring serial number may be that of a valid keyring to which the caller has write permission, or it may be one of the following special keyring IDs: .TP .B KEY_SPEC_THREAD_KEYRING This specifies the caller's thread-specific keyring .RB ( thread-keyring (7)). .TP .B KEY_SPEC_PROCESS_KEYRING This specifies the caller's process-specific keyring .RB ( process-keyring (7)). .TP .B KEY_SPEC_SESSION_KEYRING This specifies the caller's session-specific keyring .RB ( session-keyring (7)). .TP .B KEY_SPEC_USER_KEYRING This specifies the caller's UID-specific keyring .RB ( user-keyring (7)). .TP .B KEY_SPEC_USER_SESSION_KEYRING This specifies the caller's UID-session keyring .RB ( user-session-keyring (7)). .P If a key is created, then\(emregardless of whether it is a valid key or a negative key\(emit will displace any other key with the same type and description from the destination .IR keyring . .SH RETURN VALUE On success, .BR request_key () returns the serial number of the key it found or caused to be created. On error, \-1 is returned and .I errno is set to indicate the cause of the error. .SH ERRORS .TP .B EACCES The keyring wasn't available for modification by the user. .TP .B EDQUOT The key quota for this user would be exceeded by creating this key or linking it to the keyring. .TP .B EINTR The request was interrupted by a signal; see .BR signal (7). .TP .B EKEYEXPIRED An expired key was found, but no replacement could be obtained. .TP .B EKEYREJECTED The attempt to generate a new key was rejected. .TP .B EKEYREVOKED A revoked key was found, but no replacement could be obtained. .TP .B ENOKEY No matching key was found. .TP .B ENOMEM Insufficient memory to create a key. .SH VERSIONS This system call first appeared in Linux 2.6.11. .SH CONFORMING TO This system call is a nonstandard Linux extension. .SH NOTES No wrapper for this system call is provided in glibc. A wrapper is provided in the .IR libkeyutils package. When employing the wrapper in that library, link with .IR \-lkeyutils . .SH EXAMPLE The program below demonstrates the use of .BR request_key (). The .IR type , .IR description , and .BR callout_info arguments for the system call are taken from the values supplied in the command line arguments. The call specifies the session keyring as the target keyring. In order to demonstrate this program, we first create a suitable entry in the file .IR /etc/request-key.conf . .in +4n .nf $ sudo sh # \fBecho 'create user mtk:* * /bin/keyctl instantiate %k %c %S' \\\fP \fB> /etc/request-keys.conf\fP # \fBexit\fP .fi .in This entry specifies that when a new "user" key with the prefix "mtk:" must be instantiated, that task should be performed via the .BR keyctl (1) command's .B instantiate operation. (The program could The arguments supplied to the .B instantiate operation are: the ID of the uninstantiated key .RI ( %k ); the callout data supplied to the .BR request_key () call .RI ( %c ); and the session keyring .RI ( %S ) of the requestor (i.e., the caller of .BR request)key ()). i(See .BR request-key.conf (5) for details of these .I % specifiers.) Then we run the program and check the contents of .IR /proc/keys to verify that the requested kay has been instantiated: .in +4n .nf $ \fB./a.out user mtk:key1 "Payload data"\fP $ \fBgrep \(aq2dddaf50\(aq /proc/keys\fP 2dddaf50 I--Q--- 1 perm 3f010000 1000 1000 user mtk:key1: 12 .fi .in .SS Program source \& .nf #include #include #include #include #include #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\ } while (0) int main(int argc, char *argv[]) { key_serial_t key; if (argc != 4) { fprintf(stderr, "Usage: %s type description callout\-data\\n", argv[0]); exit(EXIT_FAILURE); } key = request_key(argv[1], argv[2], argv[3], KEY_SPEC_SESSION_KEYRING); if (key == \-1) errExit("request_key"); printf("Key ID is %lx\\n", (long) key); exit(EXIT_SUCCESS); } .fi .SH SEE ALSO .BR keyctl (1), .BR add_key (2), .BR keyctl (2), .BR keyctl (3), .BR keyrings (7), .BR keyutils (7), .BR persistent-keyring (7), .BR process-keyring (7), .BR session-keyring (7), .BR thread-keyring (7), .BR user-keyring (7), .BR user-session-keyring (7), .BR request-key (8) The kernel source files .IR Documentation/security/keys.txt and .IR Documentation/security/keys-request-key.txt .