diff options
| author | David Howells <dhowells@redhat.com> | 2005-10-07 10:04:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-10-08 17:53:31 -0400 |
| commit | f1a9badcf6ecad9975240d94514721cb93932151 (patch) | |
| tree | dc37fe427d645dd84331b7385523b39efa41ffad /Documentation/keys.txt | |
| parent | 74fd92c511bd4a0771ac0faaaef38bb1be3a29f6 (diff) | |
[PATCH] Keys: Add request-key process documentation
The attached patch adds documentation for the process by which request-key
works, including how it permits helper processes to gain access to the
requestor's keyrings.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
| -rw-r--r-- | Documentation/keys.txt | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt index b22e7c8d059a..4afe03a58c5b 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt | |||
| @@ -361,6 +361,8 @@ The main syscalls are: | |||
| 361 | /sbin/request-key will be invoked in an attempt to obtain a key. The | 361 | /sbin/request-key will be invoked in an attempt to obtain a key. The |
| 362 | callout_info string will be passed as an argument to the program. | 362 | callout_info string will be passed as an argument to the program. |
| 363 | 363 | ||
| 364 | See also Documentation/keys-request-key.txt. | ||
| 365 | |||
| 364 | 366 | ||
| 365 | The keyctl syscall functions are: | 367 | The keyctl syscall functions are: |
| 366 | 368 | ||
| @@ -533,8 +535,8 @@ The keyctl syscall functions are: | |||
| 533 | 535 | ||
| 534 | (*) Read the payload data from a key: | 536 | (*) Read the payload data from a key: |
| 535 | 537 | ||
| 536 | key_serial_t keyctl(KEYCTL_READ, key_serial_t keyring, char *buffer, | 538 | long keyctl(KEYCTL_READ, key_serial_t keyring, char *buffer, |
| 537 | size_t buflen); | 539 | size_t buflen); |
| 538 | 540 | ||
| 539 | This function attempts to read the payload data from the specified key | 541 | This function attempts to read the payload data from the specified key |
| 540 | into the buffer. The process must have read permission on the key to | 542 | into the buffer. The process must have read permission on the key to |
| @@ -555,9 +557,9 @@ The keyctl syscall functions are: | |||
| 555 | 557 | ||
| 556 | (*) Instantiate a partially constructed key. | 558 | (*) Instantiate a partially constructed key. |
| 557 | 559 | ||
| 558 | key_serial_t keyctl(KEYCTL_INSTANTIATE, key_serial_t key, | 560 | long keyctl(KEYCTL_INSTANTIATE, key_serial_t key, |
| 559 | const void *payload, size_t plen, | 561 | const void *payload, size_t plen, |
| 560 | key_serial_t keyring); | 562 | key_serial_t keyring); |
| 561 | 563 | ||
| 562 | If the kernel calls back to userspace to complete the instantiation of a | 564 | If the kernel calls back to userspace to complete the instantiation of a |
| 563 | key, userspace should use this call to supply data for the key before the | 565 | key, userspace should use this call to supply data for the key before the |
| @@ -576,8 +578,8 @@ The keyctl syscall functions are: | |||
| 576 | 578 | ||
| 577 | (*) Negatively instantiate a partially constructed key. | 579 | (*) Negatively instantiate a partially constructed key. |
| 578 | 580 | ||
| 579 | key_serial_t keyctl(KEYCTL_NEGATE, key_serial_t key, | 581 | long keyctl(KEYCTL_NEGATE, key_serial_t key, |
| 580 | unsigned timeout, key_serial_t keyring); | 582 | unsigned timeout, key_serial_t keyring); |
| 581 | 583 | ||
| 582 | If the kernel calls back to userspace to complete the instantiation of a | 584 | If the kernel calls back to userspace to complete the instantiation of a |
| 583 | key, userspace should use this call mark the key as negative before the | 585 | key, userspace should use this call mark the key as negative before the |
| @@ -688,6 +690,8 @@ payload contents" for more information. | |||
| 688 | If successful, the key will have been attached to the default keyring for | 690 | If successful, the key will have been attached to the default keyring for |
| 689 | implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. | 691 | implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. |
| 690 | 692 | ||
| 693 | See also Documentation/keys-request-key.txt. | ||
| 694 | |||
| 691 | 695 | ||
| 692 | (*) When it is no longer required, the key should be released using: | 696 | (*) When it is no longer required, the key should be released using: |
| 693 | 697 | ||