request_key(2) System Calls Manual request_key(2) request_key - LIBRARY Linux Key Management Utilities (libkeyutils, -lkeyutils) #include key_serial_t request_key(const char *type, const char *description, const char *_Nullable callout_info, key_serial_t dest_keyring); request_key() type (), description. , . , request_key() , keyring, . request_key() , . : , . request_key() , request_key() - , , , . : . , , . callout NULL, ENOKEY. callout NULL, . . dest_keyring , , : KEY_SPEC_THREAD_KEYRING ( thread-keyring(7)). KEY_SPEC_PROCESS_KEYRING ( process-keyring(7)). KEY_SPEC_SESSION_KEYRING ( session-keyring(7)). KEY_SPEC_USER_KEYRING UID ( user-keyring(7)). KEY_SPEC_USER_SESSION_KEYRING UID ( user-session-keyring(7)). dest_keyring 0 , . , dest_keyring 0 , << >>. , , , keyctl(2) KEYCTL_SET_REQKEY_KEYRING , , : o (KEY_REQKEY_DEFL_REQUESTOR_KEYRING, Linux 2.6.29). o (KEY_REQKEY_DEFL_THREAD_KEYRING; thread-keyring(7)). o (KEY_REQKEY_DEFL_PROCESS_KEYRING; process-keyring(7)). o (KEY_REQKEY_DEFL_SESSION_KEYRING; session-keyring(7)). o (KEY_REQKEY_DEFL_USER_SESSION_KEYRING; user-session-keyring(7)). , . o (KEY_REQKEY_DEFL_USER_KEYRING; user-keyring(7)). , . keyctl(2) KEYCTL_SET_REQKEY_KEYRING KEY_REQKEY_DEFL_DEFAULT ( KEYCTL_SET_REQKEY_KEYRING ), . type description, callout NULL, type description. : (1) U type description. (2) V, U request_key(): (2.1) , U (2.2) , . : o The key type is ".request_key_auth". o UID GID ID . o , -, . o () , . o callout_info. o PID , request_key(). (3) , , request-key(8), V. : [0] The string "/sbin/request-key". [1] The string "create" (indicating that a key is to be created). [2] , . [3] UID ( ) request_key(). [4] GID ( ) request_key(). [5] request_key(). , . [6] request_key(). , . [7] request_key(). : , , ( , /proc/keys, ). (4) , : o U keyctl(2) KEYCTL_ASSUME_AUTHORITY (, keyctl_assume_authority(3)). o (callout data) V ( keyctl(2) KEYCTL_READ (, , keyctl_read(3)) KEY_SPEC_REQKEY_AUTH_KEY. o ( , ), ( , request_key(), KEY_SPEC_REQUESTOR_KEYRING). 
keyctl() KEYCTL_INSTANTIATE (, , keyctl_instantiate(3)). request_key() . - , request_key() ENOKEY dest_keyring . , request_key() . ( ) ( request-key(8)) , ( ) . , (KEY_SPEC_REQKEY_AUTH_KEY) (KEY_SPEC_REQUESTOR_KEYRING) request-key(8). If a key is created, then--regardless of whether it is a valid key or a negatively instantiated key--it will displace any other key with the same type and description from the keyring specified in dest_keyring. On success, request_key() returns the serial number of the key it found or caused to be created. On error, -1 is returned and errno is set to indicate the error. EACCES . EDQUOT , . EFAULT type, description callout_info . EINTR ; signal(7). EINVAL ( null), type description, (32 4096 , ). EINVAL ( null), callout_info, . EKEYEXPIRED , . EKEYREJECTED . EKEYREVOKED , . ENOKEY . ENOMEM . EPERM The type argument started with a period ('.'). Linux. Linux 2.6.10. The ability to instantiate keys upon request was added in Linux 2.6.13. , , request_key(). type, description callout_info , . . /etc/request-key.conf. $ sudo sh # echo 'create user mtk:* * /bin/keyctl instantiate %k %c %S' \ > /etc/request-key.conf # exit , <> <>, keyctl(1) instantiate. , instantiate: (%k); , request_key() (%c); (%S) (. ., request_key()). % request-key.conf(5). /proc/keys, , : $ ./t_request_key user mtk:key1 "Payload data" $ grep '2dddaf50' /proc/keys 2dddaf50 I--Q--- 1 perm 3f010000 1000 1000 user mtk:key1: 12 keyctl(2). 
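/* t_request_key.c */

/*
 * Demonstration client for request_key(2): asks the kernel for a key of
 * the given type and description and prints the serial number of the key
 * that was found or created.  Link with -lkeyutils.
 *
 * The four #include targets were lost from this listing; they are restored
 * from the names the program uses (key_serial_t / request_key() /
 * KEY_SPEC_SESSION_KEYRING, uintmax_t, the stdio calls, exit()).
 *
 * Security notes for anyone adapting this example:
 *  - argv[3] is passed as callout_info.  With the request-key.conf rule
 *    shown on this page ("/bin/keyctl instantiate %k %c %S") that string
 *    is handed to keyctl as %c and becomes the key payload.  Command-line
 *    arguments can be read by other local users through process listings,
 *    so this is suitable for a demo only, not for real secret material.
 *  - type and description are forwarded unchecked; the kernel performs the
 *    validation and reports problems through errno (the page lists EINVAL
 *    for bad sizes and EPERM for a type starting with '.').
 */
#include <keyutils.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char *argv[])
{
    key_serial_t key;

    /* Exactly three operands are required: type, description, callout data. */
    if (argc != 4) {
        fprintf(stderr, "Usage: %s type description callout-data\n",
                argv[0]);
        exit(EXIT_FAILURE);
    }

    /*
     * Any key that is found or created is linked into the caller's
     * session keyring.
     */
    key = request_key(argv[1], argv[2], argv[3],
                      KEY_SPEC_SESSION_KEYRING);

    /* On error request_key() returns -1 and sets errno. */
    if (key == -1) {
        perror("request_key");
        exit(EXIT_FAILURE);
    }

    /* Cast so the argument type matches the %jx conversion. */
    printf("Key ID is %jx\n", (uintmax_t) key);

    exit(EXIT_SUCCESS);
}

/*
 * Text that followed the listing on the manual page, kept as found:
 *
 * keyctl(1), add_key(2), keyctl(2), keyctl(3), capabilities(7),
 * keyrings(7), keyutils(7), persistent-keyring(7), process-keyring(7),
 * session-keyring(7), thread-keyring(7), user-keyring(7),
 * user-session-keyring(7), request-key(8)
 *
 * Documentation/security/keys/core.rst Documentation/keys/request-key.rst
 * (, Linux 4.13, Documentation/security/keys.txt
 * Documentation/security/keys-request-key.txt).
 *
 * aereiae , Azamat Hackimov , Dmitriy S. Seregin , Katrin Kutepova ,
 * Lockal , Yuri Kozlov , ; GNU (GNU General Public License - GPL, 3 ) ,
 * - . - , , <>. Linux man-pages 6.8 2 2024 . request_key(2)
 */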