author | David Howells <dhowells@redhat.com> | 2010-02-22 15:49:30 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2010-02-22 16:13:06 +0000 |
commit | 739828b00e1761bfe330e9b5afc8a903d2ace0b2 (patch) | |
tree | b02e3b895a4bc33a8321795a16756206d2766ace | |
parent | c5da8369a833b818df5ed0a8600442fda26465d9 (diff) | |
download | keyutils-739828b00e1761bfe330e9b5afc8a903d2ace0b2.tar.gz |
keyutils historical version 1.2
- Remove syscall manual pages (section 2) to man-pages package [BZ 203582]
- Don't write to serial port in debugging script
- Call ldconfig during (un)installation.
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | add_key.2 | 137 | ||||
-rw-r--r-- | keyctl.2 | 166 | ||||
-rw-r--r-- | keyutils.spec | 15 | ||||
-rwxr-xr-x | request-key-debug.sh | 27 | ||||
-rw-r--r-- | request_key.2 | 141 |
6 files changed, 25 insertions, 467 deletions
@@ -2,7 +2,7 @@ CFLAGS := -g -O2 -Wall INSTALL := install DESTDIR := MAJOR := 1 -MINOR := 1 +MINOR := 2 VERSION := $(MAJOR).$(MINOR) NO_GLIBC_KEYERR := 0 NO_GLIBC_KEYSYS := 0 @@ -80,7 +80,6 @@ request-key: request-key.c keyutils.h Makefile MAN1 := $(DESTDIR)/usr/share/man/man1 -MAN2 := $(DESTDIR)/usr/share/man/man2 MAN3 := $(DESTDIR)/usr/share/man/man3 MAN5 := $(DESTDIR)/usr/share/man/man5 MAN8 := $(DESTDIR)/usr/share/man/man8 @@ -98,9 +97,6 @@ endif $(INSTALL) -D request-key-debug.sh $(DESTDIR)$(SHAREDIR)/request-key-debug.sh $(INSTALL) -D -m 0644 request-key.conf $(DESTDIR)$(ETCDIR)/request-key.conf $(INSTALL) -D -m 0644 keyctl.1 $(MAN1)/keyctl.1 - $(INSTALL) -D -m 0644 add_key.2 $(MAN2)/add_key.2 - $(INSTALL) -D -m 0644 keyctl.2 $(MAN2)/keyctl.2 - $(INSTALL) -D -m 0644 request_key.2 $(MAN2)/request_key.2 $(INSTALL) -D -m 0644 keyctl_chown.3 $(MAN3)/keyctl_chown.3 $(INSTALL) -D -m 0644 keyctl_clear.3 $(MAN3)/keyctl_clear.3 $(INSTALL) -D -m 0644 keyctl_describe.3 $(MAN3)/keyctl_describe.3 diff --git a/add_key.2 b/add_key.2 deleted file mode 100644 index e713f00..0000000 --- a/add_key.2 +++ /dev/null 
@@ -1,137 +0,0 @@
-.\"
-.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-.\" Written by David Howells (dhowells@redhat.com)
-.\"
-.\" This program is free software; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License
-.\" as published by the Free Software Foundation; either version
-.\" 2 of the License, or (at your option) any later version.
-.\"
-.TH ADD_KEY 2 "4 May 2006" Linux "Linux Key Management Calls"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH NAME
-add_key \- Add a key to the kernel's key management facility
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SYNOPSIS
-.nf
-.B #include <keyutils.h>
-.sp
-.BI "key_serial_t add_key(const char *" type ", const char *" description ,
-.BI "const void *" payload ", size_t " plen ", key_serial_t " keyring ");"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH DESCRIPTION
-.BR add_key ()
-asks the kernel to create or update a key of the given
-.I type
-and
-.IR description ,
-instantiate it with the
-.I payload
-of length
-.IR plen ,
-and to attach it to the nominated
-.I keyring
-and to return its serial number.
-.P
-The key type may reject the data if it's in the wrong format or in some other
-way invalid.
-.P
-If the destination
-.I keyring
-already contains a key that matches the specified
-.IR type " and " description
-then, if the key type supports it, that key will be updated rather than a new
-key being created; if not, a new key will be created and it will displace the
-link to the extant key from the keyring.
-.P
-The destination
-.I keyring
-serial number may be that of a valid keyring to which the caller has write
-permission, or it may be a special keyring ID:
-.TP
-.B KEY_SPEC_THREAD_KEYRING
-This specifies the caller's thread-specific keyring.
-.TP
-.B KEY_SPEC_PROCESS_KEYRING
-This specifies the caller's process-specific keyring.
-.TP
-.B KEY_SPEC_SESSION_KEYRING
-This specifies the caller's session-specific keyring.
-.TP
-.B KEY_SPEC_USER_KEYRING
-This specifies the caller's UID-specific keyring.
-.TP
-.B KEY_SPEC_USER_SESSION_KEYRING
-This specifies the caller's UID-session keyring.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH KEY TYPES
-There are a number of key types available in the core key management code, and
-these can be specified to this function:
-.TP
-.B \*(lquser\*(rq
-Keys of the user-defined key type may contain a blob of arbitrary data, and the
-.I description
-may be any valid string, though it is preferred that the description be
-prefixed with a string representing the service to which the key is of interest
-and a colon (for instance
-.RB \*(lq afs:mykey \*(rq).
-The
-.I payload
-may be empty or
-.B NULL
-for keys of this type.
-.TP
-.B \*(lqkeyring\*(rq
-Keyrings are special key types that may contain links to sequences of other
-keys of any type. If this interface is used to create a keyring, then a
-.B NULL
-.I payload
-should be specified, and
-.I plen
-should be zero.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH RETURN VALUE
-On success
-.BR add_key ()
-returns the serial number of the key it created or updated.
-On error, the value
-.B -1
-will be returned and errno will have been set to an appropriate error.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH ERRORS
-.TP
-.B ENOKEY
-The keyring doesn't exist.
-.TP
-.B EKEYEXPIRED
-The keyring has expired.
-.TP
-.B EKEYREVOKED
-The keyring has been revoked.
-.TP
-.B EINVAL
-The payload data was invalid.
-.TP
-.B ENOMEM
-Insufficient memory to create a key.
-.TP
-.B EDQUOT
-The key quota for this user would be exceeded by creating this key or linking
-it to the keyring.
-.TP
-.B EACCES
-The keyring wasn't available for modification by the user.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH LINKING
-Although this is a Linux system call, it is not present in
-.I libc
-but can be found rather in
-.IR libkeyutils .
-When linking,
-.B -lkeyutils
-should be specified to the linker.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SEE ALSO
-.BR keyctl (1),
-.BR keyctl (2),
-.BR request_key (2)
diff --git a/keyctl.2 b/keyctl.2
deleted file mode 100644
index 9769b16..0000000
--- a/keyctl.2
+++ /dev/null
@@ -1,166 +0,0 @@
-.\"
-.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-.\" Written by David Howells (dhowells@redhat.com)
-.\"
-.\" This program is free software; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License
-.\" as published by the Free Software Foundation; either version
-.\" 2 of the License, or (at your option) any later version.
-.\"
-.TH KEYCTL 2 "4 May 2006" Linux "Linux Key Management Calls"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH NAME
-keyctl \- Manipulate the kernel's key management facility
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SYNOPSIS
-.nf
-.B #include <keyutils.h>
-.sp
-.BI "long keyctl(int " cmd ", ...);"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH DESCRIPTION
-.BR keyctl ()
-has a number of functions available:
-.TP
-.B KEYCTL_GET_KEYRING_ID
-Ask for a keyring's ID.
-.TP
-.B KEYCTL_JOIN_SESSION_KEYRING
-Join or start named session keyring.
-.TP
-.B KEYCTL_UPDATE
-Update a key.
-.TP
-.B KEYCTL_REVOKE
-Revoke a key.
-.TP
-.B KEYCTL_CHOWN
-Set ownership of a key.
-.TP
-.B KEYCTL_SETPERM
-Set perms on a key.
-.TP
-.B KEYCTL_DESCRIBE
-Describe a key.
-.TP
-.B KEYCTL_CLEAR
-Clear contents of a keyring.
-.TP
-.B KEYCTL_LINK
-Link a key into a keyring.
-.TP
-.B KEYCTL_UNLINK
-Unlink a key from a keyring.
-.TP
-.B KEYCTL_SEARCH
-Search for a key in a keyring.
-.TP
-.B KEYCTL_READ
-Read a key or keyring's contents.
-.TP
-.B KEYCTL_INSTANTIATE
-Instantiate a partially constructed key.
-.TP
-.B KEYCTL_NEGATE
-Negate a partially constructed key.
-.TP
-.B KEYCTL_SET_REQKEY_KEYRING
-Set default request-key keyring.
-.TP
-.B KEYCTL_SET_TIMEOUT
-Set timeout on a key.
-.TP
-.B KEYCTL_ASSUME_AUTHORITY
-Assume authority to instantiate key.
-.P
-These are wrapped by
-.B libkeyutils
-into individual functions to permit compiler the compiler to check types.
-See the
-.B See Also
-section at the bottom.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH RETURN VALUE
-On success
-.BR keyctl ()
-returns the serial number of the key it found.
-On error, the value
-.B -1
-will be returned and errno will have been set to an appropriate error.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH ERRORS
-.TP
-.B ENOKEY
-No matching key was found or an invalid key was specified.
-.TP
-.B EKEYEXPIRED
-An expired key was found or specified.
-.TP
-.B EKEYREVOKED
-A revoked key was found or specified.
-.TP
-.B EKEYREJECTED
-A rejected key was found or specified.
-.TP
-.B EDQUOT
-The key quota for the caller's user would be exceeded by creating a key or
-linking it to the keyring.
-.TP
-.B EACCES
-A key operation wasn't permitted.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH LINKING
-Although this is a Linux system call, it is not present in
-.I libc
-but can be found rather in
-.IR libkeyutils .
-When linking,
-.B -lkeyutils
-should be specified to the linker.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SEE ALSO
-.BR keyctl (1),
-.br
-.BR add_key (2),
-.br
-.BR request_key (2),
-.br
-.BR keyctl_get_keyring_ID (3),
-.br
-.BR keyctl_join_session_keyring (3),
-.br
-.BR keyctl_update (3),
-.br
-.BR keyctl_revoke (3),
-.br
-.BR keyctl_chown (3),
-.br
-.BR keyctl_setperm (3),
-.br
-.BR keyctl_describe (3),
-.br
-.BR keyctl_clear (3),
-.br
-.BR keyctl_link (3),
-.br
-.BR keyctl_unlink (3),
-.br
-.BR keyctl_search (3),
-.br
-.BR keyctl_read (3),
-.br
-.BR keyctl_instantiate (3),
-.br
-.BR keyctl_negate (3),
-.br
-.BR keyctl_set_reqkey_keyring (3),
-.br
-.BR keyctl_set_timeout (3),
-.br
-.BR keyctl_assume_authority (3),
-.br
-.BR keyctl_describe_alloc (3),
-.br
-.BR keyctl_read_alloc (3),
-.br
-.BR request-key (8)
diff --git a/keyutils.spec b/keyutils.spec
index a68a103..4abec01 100644
--- a/keyutils.spec +++ b/keyutils.spec @@ -1,12 +1,12 @@ %define vermajor 1 -%define version %{vermajor}.1 +%define version %{vermajor}.2 %define libdir /%{_lib} %define usrlibdir %{_prefix}/%{_lib} Summary: Linux Key Management Utilities Name: keyutils Version: %{version} -Release: 3%{?dist} +Release: 1%{?dist} License: GPL/LGPL Group: System Environment/Base ExclusiveOS: Linux @@ -62,6 +62,9 @@ make \ %clean rm -rf $RPM_BUILD_ROOT +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + %files %defattr(-,root,root,-) %doc README LICENCE.GPL @@ -83,10 +86,16 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %{usrlibdir}/libkeyutils.so %{_includedir}/* -%{_mandir}/man2/* %{_mandir}/man3/* %changelog +* Tue Aug 22 2006 David Howells <dhowells@redhat.com> - 1.2-1 +- Remove syscall manual pages (section 2) to man-pages package [BZ 203582] +- Don't write to serial port in debugging script + +* Mon Jun 5 2006 David Howells <dhowells@redhat.com> - 1.1-4 +- Call ldconfig during (un)installation. + * Fri May 5 2006 David Howells <dhowells@redhat.com> - 1.1-3 - Don't include the release number in the shared library filename - Don't build static library diff --git a/request-key-debug.sh b/request-key-debug.sh index ece42a4..83af01d 100755 --- a/request-key-debug.sh +++ b/request-key-debug.sh @@ -16,21 +16,18 @@ # Call: request-key-debug.sh <keyid> <desc> <callout> <session-keyring> # -{ - echo RQDebug keyid: $1 - echo RQDebug desc: $2 - echo RQDebug callout: $3 - echo RQDebug session keyring: $4 +echo RQDebug keyid: $1 +echo RQDebug desc: $2 +echo RQDebug callout: $3 +echo RQDebug session keyring: $4 - if [ "$3" != "neg" ] - then - keyctl instantiate $1 "Debug $3" $4 || exit 1 - else - cat /proc/keys - echo keyctl negate $1 30 $4 - keyctl negate $1 30 $4 - fi - -} >&/dev/ttyS0 +if [ "$3" != "neg" ] +then + keyctl instantiate $1 "Debug $3" $4 || exit 1 +else + cat /proc/keys + echo keyctl negate $1 30 $4 + keyctl negate $1 30 $4 +fi exit 0 
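Review bot: In the request-key-debug.sh hunk the de-indented lines still expand `$2` and `$3` unquoted, and by the script's own `# Call:` comment those are the key description and callout string supplied with the request, so they go through word splitting and pathname expansion before `echo` and `keyctl` see them. Quote every positional parameter, for example `echo "RQDebug desc: $2"` and `keyctl instantiate "$1" "Debug $3" "$4" || exit 1`, and do the same on the two `keyctl negate` lines. With the `>&/dev/ttyS0` redirect removed, the echoed arguments and the `cat /proc/keys` listing now go to whatever stdout the invoking process provides; a short comment stating where that output is expected to end up would help, since the caller is not visible in this diff.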
diff --git a/request_key.2 b/request_key.2
deleted file mode 100644
index aeb5110..0000000
--- a/request_key.2
+++ /dev/null
@@ -1,141 +0,0 @@
-.\"
-.\" Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
-.\" Written by David Howells (dhowells@redhat.com)
-.\"
-.\" This program is free software; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License
-.\" as published by the Free Software Foundation; either version
-.\" 2 of the License, or (at your option) any later version.
-.\"
-.TH REQUEST_KEY 2 "4 May 2006" Linux "Linux Key Management Calls"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH NAME
-request_key \- Request a key from the kernel's key management facility
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SYNOPSIS
-.nf
-.B #include <keyutils.h>
-.sp
-.BI "key_serial_t request_key(const char *" type ", const char *" description ,
-.BI "const char *" callout_info ", key_serial_t " keyring ");"
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH DESCRIPTION
-.BR request_key ()
-asks the kernel to find a key of the given
-.I type
-that matches the specified
-.I description
-and, if successful, to attach it to the nominated
-.I keyring
-and to return its serial number.
-.P
-.BR request_key ()
-first recursively searches all the keyrings attached to the calling process in
-the order thread-specific keyring, process-specific keyring and then session
-keyring for a matching key.
-.P
-If
-.BR request_key ()
-is called from a program invoked by
-.BR request_key ()
-on behalf of some other process to generate a key, then the keyrings of that
-other process will be searched next, using that other process's UID, GID,
-groups and security context to control access.
-.P
-The keys in each keyring searched are checked for a match before any child
-keyrings are recursed into. Only keys that are
-.B searchable
-for the caller may be found, and only
-.B searchable
-keyrings may be searched.
-.P
-If the key is not found then, if
-.I callout_info
-is set, this function will attempt to look further afield. In such a case, the
-.I callout_info
-is passed to a userspace service such as
-.B /sbin/request\-key
-to generate the key.
-.P
-If that is unsuccessful also, then an error will be returned, and a temporary
-negative key will be installed in the nominated
-.IR keyring .
-This will expire after a few seconds, but will cause subsequent
-calls to
-.BR request_key ()
-to fail until it does.
-.P
-The
-.I keyring
-serial number may be that of a valid keyring to which the caller has write
-permission, or it may be a special keyring ID:
-.TP
-.B KEY_SPEC_THREAD_KEYRING
-This specifies the caller's thread-specific keyring.
-.TP
-.B KEY_SPEC_PROCESS_KEYRING
-This specifies the caller's process-specific keyring.
-.TP
-.B KEY_SPEC_SESSION_KEYRING
-This specifies the caller's session-specific keyring.
-.TP
-.B KEY_SPEC_USER_KEYRING
-This specifies the caller's UID-specific keyring.
-.TP
-.B KEY_SPEC_USER_SESSION_KEYRING
-This specifies the caller's UID-session keyring.
-.P
-If a key is created, no matter whether it's a valid key or a negative key, it
-will displace any other key of the same type and description from the
-destination
-.IR keyring .
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH RETURN VALUE
-On success
-.BR request_key ()
-returns the serial number of the key it found.
-On error, the value
-.B -1
-will be returned and errno will have been set to an appropriate error.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH ERRORS
-.TP
-.B ENOKEY
-No matching key was found.
-.TP
-.B EKEYEXPIRED
-An expired key was found, but no replacement could be obtained.
-.TP
-.B EKEYREVOKED
-A revoked key was found, but no replacement could be obtained.
-.TP
-.B EKEYREJECTED
-The attempt to generate a new key was rejected.
-.TP
-.B ENOMEM
-Insufficient memory to create a key.
-.TP
-.B EINTR
-The request was interrupted by a signal.
-.TP
-.B EDQUOT
-The key quota for this user would be exceeded by creating this key or linking
-it to the keyring.
-.TP
-.B EACCES
-The keyring wasn't available for modification by the user.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH LINKING
-Although this is a Linux system call, it is not present in
-.I libc
-but can be found rather in
-.IR libkeyutils .
-When linking,
-.B -lkeyutils
-should be specified to the linker.
-.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-.SH SEE ALSO
-.BR keyctl (1),
-.BR add_key (2),
-.BR keyctl (2),
-.BR request-key (8) |