authorDavid Howells <dhowells@redhat.com>2010-02-22 15:46:17 +0000
committerDavid Howells <dhowells@redhat.com>2010-02-22 16:12:29 +0000
commit557f01ce1fdd3cc78be3aa74f281160a581c2777 (patch)
treeefa150193c5d049f6885d31d32169583b709e00e
parent53ad7681eedbe86ca729763ac2d75a90a451648a (diff)
downloadkeyutils-557f01ce1fdd3cc78be3aa74f281160a581c2777.tar.gz
keyutils historical version 1.0
- Add build dependency on glibc-kernheaders with key management syscall - Add data pipe-in facility for keyctl request2 - Rename library and header file "keyutil" -> "keyutils" for consistency - Fix shared library version naming to same way as glibc. - Add versioning for shared library symbols - Create new keyutils-libs package and install library and main symlink there - Install base library symlink in /usr/lib and place in devel package - Added a keyutils archive library - Shorten displayed key permissions list to just those we actually have - Add data pipe-in facilities for keyctl add, update and instantiate
-rw-r--r--Makefile66
-rw-r--r--keyctl.154
-rw-r--r--keyctl.c328
-rw-r--r--keyutils.c (renamed from keyutil.c)4
-rw-r--r--keyutils.h (renamed from keyutil.h)8
-rw-r--r--keyutils.spec56
-rw-r--r--request-key.c20
-rw-r--r--version.lds34
8 files changed, 449 insertions, 121 deletions
diff --git a/Makefile b/Makefile
index f5ff8f9..91a9252 100644
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,19 @@
-CFLAGS := -g -Wall -O2
+CFLAGS := -g -O2 -Wall
INSTALL := install
DESTDIR :=
-MAJOR := 0
-MINOR := 3
+MAJOR := 1
+MINOR := 0
RELEASE :=
VERSION := $(MAJOR).$(MINOR)$(RELEASE)
NO_GLIBC_KEYERR := 0
NO_GLIBC_KEYSYS := 0
BUILDFOR :=
LIBDIR := /lib
+USRLIBDIR := /usr/lib
+ARLIB := libkeyutils.a
+DEVELLIB := libkeyutils.so
+SONAME := libkeyutils.so.$(MAJOR)
+LIBNAME := libkeyutils-$(VERSION).so
LNS := ln -sf
@@ -24,39 +29,55 @@ CFLAGS += -DNO_GLIBC_KEYSYS
endif
ifeq ($(BUILDFOR),32-bit)
-CFLAGS += -m32
-LIBDIR := /lib
+CFLAGS += -m32
+LIBDIR := /lib
+USRLIBDIR := /usr/lib
else
ifeq ($(BUILDFOR),64-bit)
-CFLAGS += -m64
-LIBDIR := /lib64
+CFLAGS += -m64
+LIBDIR := /lib64
+USRLIBDIR := /usr/lib64
endif
endif
-all: libkeyutil.so keyctl request-key
+all: $(ARLIB) $(DEVELLIB) keyctl request-key
+
+
+$(ARLIB): keyutils.o
+ $(AR) rcs $@ $<
+keyutils.o: keyutils.c keyutils.h Makefile
+ $(CC) $(CFLAGS) -UNO_GLIBC_KEYERR -o $@ -c $<
-libkeyutil.so: libkeyutil.so.$(MAJOR)
+
+$(DEVELLIB): $(SONAME)
ln -sf $< $@
-libkeyutil.so.$(MAJOR): libkeyutil.so.$(VERSION)
+$(SONAME): $(LIBNAME)
ln -sf $< $@
-libkeyutil.so.$(VERSION): keyutil.c keyutil.h Makefile
- $(CC) $(CFLAGS) -fPIC $(LDFLAGS) -shared -Wl,-soname,libkeyutil.so.$(MAJOR) -o $@ keyutil.c $(LIBLIBS)
+LIBVERS := -shared -Wl,-soname,$(SONAME) -Wl,--version-script,version.lds
+
+$(LIBNAME): keyutils.os version.lds Makefile
+ $(CC) $(CFLAGS) -fPIC $(LDFLAGS) $(LIBVERS) -o $@ keyutils.os $(LIBLIBS)
+
+keyutils.os: keyutils.c keyutils.h Makefile
+ $(CC) $(CFLAGS) -fPIC -o $@ -c $<
-keyctl: keyctl.c keyutil.h Makefile
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutil -Wl,-rpath,$(LIB)
+keyctl: keyctl.c keyutils.h Makefile
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils -Wl,-rpath,$(LIB)
-request-key: request-key.c keyutil.h Makefile
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutil -Wl,-rpath,$(LIB)
+request-key: request-key.c keyutils.h Makefile
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L. -lkeyutils -Wl,-rpath,$(LIB)
install: all
- $(INSTALL) -D libkeyutil.so.$(VERSION) $(DESTDIR)/$(LIBDIR)/libkeyutil.so.$(VERSION)
- $(LNS) libkeyutil.so.$(VERSION) $(DESTDIR)/$(LIBDIR)/libkeyutil.so.$(MAJOR)
- $(LNS) libkeyutil.so.$(MAJOR) $(DESTDIR)/$(LIBDIR)/libkeyutil.so
+ $(INSTALL) -D $(ARLIB) $(DESTDIR)/$(USRLIBDIR)/$(ARLIB)
+ $(INSTALL) -D $(LIBNAME) $(DESTDIR)/$(LIBDIR)/$(LIBNAME)
+ $(LNS) $(LIBNAME) $(DESTDIR)/$(LIBDIR)/$(SONAME)
+ mkdir -p $(DESTDIR)/$(USRLIBDIR)
+ $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)/$(USRLIBDIR)/$(DEVELLIB)
$(INSTALL) -D keyctl $(DESTDIR)/bin/keyctl
$(INSTALL) -D request-key $(DESTDIR)/sbin/request-key
$(INSTALL) -D request-key.conf $(DESTDIR)/etc/request-key.conf
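Review bot: The link lines for keyctl and request-key that survive on the new side pass `-Wl,-rpath,$(LIB)`, but no `LIB` variable is defined anywhere in this Makefile (the install rules use `LIBDIR`), so both binaries are linked with an empty rpath element. As far as I know the dynamic loader treats an empty DT_RPATH entry as the current working directory, which is not something a root-run helper such as request-key should carry; either drop the option (the library is installed into `$(LIBDIR)`, which the loader already searches) or write it as `-Wl,-rpath,$(LIBDIR)`. The `-UNO_GLIBC_KEYERR` on the `keyutils.o` rule also means the static archive and the shared object are built from different preprocessor configurations, and a one-line comment on that rule saying why would save the next reader a puzzle.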
@@ -64,9 +85,10 @@ install: all
$(INSTALL) -D keyctl.1 $(DESTDIR)/usr/share/man/man1/keyctl.1
$(INSTALL) -D request-key.conf.5 $(DESTDIR)/usr/share/man/man5/request-key.conf.5
$(INSTALL) -D request-key.8 $(DESTDIR)/usr/share/man/man8/request-key.8
- $(INSTALL) -D keyutil.h $(DESTDIR)/usr/include/keyutil.h
+ $(INSTALL) -D keyutils.h $(DESTDIR)/usr/include/keyutils.h
clean:
- $(RM) libkeyutil.so libkeyutil.so.$(MAJOR) libkeyutil.so.$(VERSION)
+ $(RM) libkeyutils*
$(RM) keyctl request-key
- $(RM) *~
+ $(RM) *.o *.os *~
+ $(RM) debugfiles.list debugsources.list
diff --git a/keyctl.1 b/keyctl.1
index 2318e9e..00cb987 100644
--- a/keyctl.1
+++ b/keyctl.1
@@ -15,12 +15,18 @@ keyctl - Key management facility control
.br
\fBkeyctl\fR add <type> <desc> <data> <keyring>
.br
+\fBkeyctl\fR padd <type> <desc> <keyring>
+.br
\fBkeyctl\fR request <type> <desc> [<dest_keyring>]
.br
\fBkeyctl\fR request2 <type> <desc> <info> [<dest_keyring>]
.br
+\fBkeyctl\fR prequest2 <type> <desc> [<dest_keyring>]
+.br
\fBkeyctl\fR update <key> <data>
.br
+\fBkeyctl\fR pupdate <key>
+.br
\fBkeyctl\fR newring <name> <keyring>
.br
\fBkeyctl\fR revoke <key>
@@ -61,6 +67,8 @@ keyctl - Key management facility control
.br
\fBkeyctl\fR instantiate <key> <data> <keyring>
.br
+\fBkeyctl\fR pinstantiate <key> <keyring>
+.br
\fBkeyctl\fR negate <key> <timeout> <keyring>
.br
\fBkeyctl\fR timeout <key> <timeout>
@@ -128,6 +136,8 @@ what keys and keyrings they contain.
(*) \fBAdd a key to a keyring\fR
.P
\fBkeyctl add\fR <type> <desc> <data> <keyring>
+.br
+\fBkeyctl padd\fR <type> <desc> <keyring>
.P
This command creates a key of the specified type and description; instantiates
it with the given data and attaches it to the specified keyring. It then prints
@@ -139,22 +149,36 @@ testbox>keyctl add user mykey stuff @u
26
.RE
.P
+The \fBpadd\fR variant of the command reads the data from stdin rather than
+taking it from the command line:
+.P
+.RS
+testbox>echo -n stuff | keyctl padd user mykey @u
+.br
+26
+.RE
+.P
(*) \fBRequest a key\fR
.P
\fBkeyctl request\fR <type> <desc> [<dest_keyring>]
.br
\fBkeyctl request2\fR <type> <desc> <info> [<dest_keyring>]
+.br
+\fBkeyctl prequest2\fR <type> <desc> [<dest_keyring>]
.P
-These two commands request the lookup of a key of the given type and
+These three commands request the lookup of a key of the given type and
description. The process's keyrings will be searched, and if a match is found
the matching key's ID will be printed to stdout; and if a destination keyring
is given, the key will be added to that keyring also.
.P
If there is no key, the first command will simply return the error ENOKEY and
-fail. The second command will create a partial key with the type and
+fail. The second and third commands will create a partial key with the type and
description, and call out to \fB/sbin/request-key\fR with that key and the
-extra information supplied above. This will then attempt to instantiate the key
-in some manner, such that a valid key is obtained.
+extra information supplied. This will then attempt to instantiate the key in
+some manner, such that a valid key is obtained.
+.P
+The third command is like the second, except that the callout information is
+read from stdin rather than being passed on the command line.
.P
If a valid key is obtained, the ID will be printed and the key attached as if
the original search had succeeded.
@@ -168,6 +192,10 @@ testbox>keyctl request2 user debug:hello wibble
.br
23
.br
+testbox>echo -n wibble | keyctl prequest2 user debug:hello
+.br
+23
+.br
testbox>keyctl request user debug:hello
.br
23
@@ -176,6 +204,8 @@ testbox>keyctl request user debug:hello
(*) \fBUpdate a key\fR
.P
\fBkeyctl update\fR <key> <data>
+.br
+\fBkeyctl pupdate\fR <key>
.P
This command replaces the data attached to a key with a new set of data. If the
type of the key doesn't support update then error "Operation not supported"
@@ -185,6 +215,13 @@ will be returned.
testbox>keyctl update 23 zebra
.RE
.P
+The \fBpupdate\fR variant of the command reads the data from stdin rather than
+taking it from the command line:
+.P
+.RS
+testbox>echo -n zebra | keyctl pupdate 23
+.RE
+.P
(*) \fBCreate a keyring\fR
.P
\fBkeyctl newring\fR <name> <keyring>
@@ -500,6 +537,8 @@ keyring;4043;4043;3f1f0000;fish
.P
\fBkeyctl instantiate\fR <key> <data> <keyring>
.br
+\fBkeyctl pinstantiate\fR <key> <keyring>
+.br
\fBkeyctl negate\fR <key> <timeout> <keyring>
.P
These commands are used to attach data to a partially set up key (as created by
@@ -523,6 +562,13 @@ testbox>keyctl instantiate $1 "Debug $3" $4
testbox>keyctl negate $1 30 $4
.RE
.P
+The \fBpinstantiate\fR variant of the command reads the data from stdin rather
+than taking it from the command line:
+.P
+.RS
+testbox>echo -n "Debug $3" | keyctl pinstantiate $1 $4
+.RE
+.P
(*) \fBSet the expiry time on a key\fR
.P
\fBkeyctl timeout\fR <key> <timeout>
diff --git a/keyctl.c b/keyctl.c
index 70f2345..dc11805 100644
--- a/keyctl.c
+++ b/keyctl.c
@@ -18,7 +18,7 @@
#include <ctype.h>
#include <errno.h>
#include <asm/unistd.h>
-#include "keyutil.h"
+#include "keyutils.h"
struct command {
int (*action)(int argc, char *argv[]);
@@ -28,9 +28,12 @@ struct command {
static int act_keyctl_show(int argc, char *argv[]);
static int act_keyctl_add(int argc, char *argv[]);
+static int act_keyctl_padd(int argc, char *argv[]);
static int act_keyctl_request(int argc, char *argv[]);
static int act_keyctl_request2(int argc, char *argv[]);
+static int act_keyctl_prequest2(int argc, char *argv[]);
static int act_keyctl_update(int argc, char *argv[]);
+static int act_keyctl_pupdate(int argc, char *argv[]);
static int act_keyctl_newring(int argc, char *argv[]);
static int act_keyctl_revoke(int argc, char *argv[]);
static int act_keyctl_clear(int argc, char *argv[]);
@@ -49,15 +52,19 @@ static int act_keyctl_chgrp(int argc, char *argv[]);
static int act_keyctl_setperm(int argc, char *argv[]);
static int act_keyctl_session(int argc, char *argv[]);
static int act_keyctl_instantiate(int argc, char *argv[]);
+static int act_keyctl_pinstantiate(int argc, char *argv[]);
static int act_keyctl_negate(int argc, char *argv[]);
static int act_keyctl_timeout(int argc, char *argv[]);
const struct command commands[] = {
{ act_keyctl_show, "show", "" },
{ act_keyctl_add, "add", "<type> <desc> <data> <keyring>" },
+ { act_keyctl_padd, "padd", "<type> <desc> <keyring>" },
{ act_keyctl_request, "request", "<type> <desc> [<dest_keyring>]" },
{ act_keyctl_request2, "request2", "<type> <desc> <info> [<dest_keyring>]" },
+ { act_keyctl_prequest2, "prequest2", "<type> <desc> [<dest_keyring>]" },
{ act_keyctl_update, "update", "<key> <data>" },
+ { act_keyctl_pupdate, "pupdate", "<key>" },
{ act_keyctl_newring, "newring", "<name> <keyring>" },
{ act_keyctl_revoke, "revoke", "<key>" },
{ act_keyctl_clear, "clear", "<keyring>" },
@@ -78,6 +85,7 @@ const struct command commands[] = {
{ act_keyctl_session, "session", "- [<prog> <arg1> <arg2> ...]" },
{ act_keyctl_session, "session", "<name> [<prog> <arg1> <arg2> ...]" },
{ act_keyctl_instantiate, "instantiate","<key> <data> <keyring>" },
+ { act_keyctl_pinstantiate, "pinstantiate","<key> <keyring>" },
{ act_keyctl_negate, "negate", "<key> <timeout> <keyring>" },
{ act_keyctl_timeout, "timeout", "<key> <timeout>" },
{ NULL, NULL, NULL }
@@ -88,6 +96,21 @@ static void format(void) __attribute__((noreturn));
static void error(const char *msg) __attribute__((noreturn));
static key_serial_t get_key_id(const char *arg);
+static uid_t myuid;
+static gid_t mygid, *mygroups;
+static int myngroups;
+
+/*****************************************************************************/
+/*
+ * handle an error
+ */
+static inline void error(const char *msg)
+{
+ perror(msg);
+ exit(1);
+
+} /* end error() */
+
/*****************************************************************************/
/*
* execute the appropriate subcommand
@@ -131,6 +154,22 @@ int main(int argc, char *argv[])
exit(2);
}
+ /* grab my UID, GID and groups */
+ myuid = geteuid();
+ mygid = getegid();
+ myngroups = getgroups(0, NULL);
+
+ if (myuid == -1 || mygid == -1 || myngroups == -1)
+ error("Unable to get UID/GID/#Groups\n");
+
+ mygroups = calloc(myngroups, sizeof(gid_t));
+ if (!mygroups)
+ error("calloc");
+
+ myngroups = getgroups(myngroups, mygroups);
+ if (myngroups < 0)
+ error("Unable to get Groups\n");
+
return best->action(argc, argv);
} /* end main() */
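Review bot: `calloc(myngroups, sizeof(gid_t))` is reached even when `getgroups(0, NULL)` returned 0, and a zero-size calloc may legitimately return NULL, so a process with no supplementary groups would die with `error("calloc")`; allocate at least one entry, `mygroups = calloc(myngroups ? myngroups : 1, sizeof(gid_t));`, or skip the allocation when the count is zero. The `myuid == -1 || mygid == -1` test compares unsigned `uid_t`/`gid_t` values against -1; geteuid() and getegid() are documented as never failing, so those two comparisons can go (which also removes the sign-compare warning under -Wall -Wextra), leaving only the getgroups() check. main() begins outside this hunk.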
@@ -168,14 +207,82 @@ static void format(void)
/*****************************************************************************/
/*
- * handle an error
+ * grab data from stdin
*/
-static inline void error(const char *msg)
+static char *grab_stdin(void)
{
- perror(msg);
- exit(1);
+ static char input[65536 + 1];
+ int n, tmp;
-} /* end error() */
+ n = 0;
+ do {
+ tmp = read(0, input + n, sizeof(input) - 1 - n);
+ if (tmp < 0)
+ error("stdin");
+
+ if (tmp == 0)
+ break;
+
+ n += tmp;
+
+ } while (n < sizeof(input));
+
+ if (n >= sizeof(input)) {
+ fprintf(stderr, "Too much data read on stdin\n");
+ exit(1);
+ }
+
+ input[n] = '\0';
+
+ return input;
+
+} /* end grab_stdin() */
+
+/*****************************************************************************/
+/*
+ * convert the permissions mask to a string representing the permissions we
+ * have actually been granted
+ */
+static void calc_perms(char *pretty, key_perm_t perm, uid_t uid, gid_t gid)
+{
+ unsigned perms;
+ gid_t *pg;
+ int loop;
+
+ perms = (perm & KEY_POS_ALL) >> 24;
+
+ if (uid == myuid) {
+ perms |= (perm & KEY_USR_ALL) >> 16;
+ goto write_mask;
+ }
+
+ if (gid != -1) {
+ if (gid == mygid) {
+ perms |= (perm & KEY_GRP_ALL) >> 8;
+ goto write_mask;
+ }
+
+ pg = mygroups;
+ for (loop = myngroups; loop > 0; loop--, pg++) {
+ if (gid == *pg) {
+ perms |= (perm & KEY_GRP_ALL) >> 8;
+ goto write_mask;
+ }
+ }
+ }
+
+ perms |= (perm & KEY_OTH_ALL);
+
+write_mask:
+ sprintf(pretty, "--%c%c%c%c%c%c",
+ perms & KEY_OTH_SETATTR ? 'a' : '-',
+ perms & KEY_OTH_LINK ? 'l' : '-',
+ perms & KEY_OTH_SEARCH ? 's' : '-',
+ perms & KEY_OTH_WRITE ? 'w' : '-',
+ perms & KEY_OTH_READ ? 'r' : '-',
+ perms & KEY_OTH_VIEW ? 'v' : '-');
+
+} /* end calc_perms() */
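Review bot: The `n >= sizeof(input)` overflow test at the end of grab_stdin() can never be true: the loop stops adding bytes once `n` reaches `sizeof(input) - 1` (the next read() is asked for 0 bytes and returns 0), so input longer than the buffer is silently truncated instead of rejected. Test against the usable capacity, `if (n >= sizeof(input) - 1) {`, and bound the loop the same way, `} while (n < sizeof(input) - 1);`. A read() interrupted by a signal is fatal here as well; retrying when `errno == EINTR` is the usual treatment. The function hands back a NUL-terminated string with no length, so if the add/update/instantiate callers measure it with strlen() (not visible in this hunk) a payload containing a NUL byte is cut short. calc_perms() also folds in the possessor bits unconditionally, which overstates the rights of a caller that does not possess the key; a comment stating that assumption above `perms = (perm & KEY_POS_ALL) >> 24;` would help.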
/*****************************************************************************/
/*
@@ -217,6 +324,28 @@ static int act_keyctl_add(int argc, char *argv[])
/*****************************************************************************/
/*
+ * add a key, reading from a pipe
+ */
+static int act_keyctl_padd(int argc, char *argv[])
+{
+ char *args[6];
+
+ if (argc != 4)
+ format();
+
+ args[0] = argv[0];
+ args[1] = argv[1];
+ args[2] = argv[2];
+ args[3] = grab_stdin();
+ args[4] = argv[3];
+ args[5] = NULL;
+
+ return act_keyctl_add(5, args);
+
+} /* end act_keyctl_padd() */
+
+/*****************************************************************************/
+/*
* request a key
*/
static int act_keyctl_request(int argc, char *argv[])
@@ -269,6 +398,29 @@ static int act_keyctl_request2(int argc, char *argv[])
/*****************************************************************************/
/*
+ * request a key, with recourse to /sbin/request-key, reading the callout info
+ * from a pipe
+ */
+static int act_keyctl_prequest2(int argc, char *argv[])
+{
+ char *args[6];
+
+ if (argc != 3 && argc != 4)
+ format();
+
+ args[0] = argv[0];
+ args[1] = argv[1];
+ args[2] = argv[2];
+ args[3] = grab_stdin();
+ args[4] = argv[3];
+ args[5] = NULL;
+
+ return act_keyctl_request2(argc + 1, args);
+
+} /* end act_keyctl_prequest2() */
+
+/*****************************************************************************/
+/*
* update a key
*/
static int act_keyctl_update(int argc, char *argv[])
@@ -289,6 +441,26 @@ static int act_keyctl_update(int argc, char *argv[])
/*****************************************************************************/
/*
+ * update a key, reading from a pipe
+ */
+static int act_keyctl_pupdate(int argc, char *argv[])
+{
+ char *args[4];
+
+ if (argc != 2)
+ format();
+
+ args[0] = argv[0];
+ args[1] = argv[1];
+ args[2] = grab_stdin();
+ args[3] = NULL;
+
+ return act_keyctl_update(3, args);
+
+} /* end act_keyctl_pupdate() */
+
+/*****************************************************************************/
+/*
* create a new keyring
*/
static int act_keyctl_newring(int argc, char *argv[])
@@ -495,8 +667,8 @@ static int act_keyctl_pipe(int argc, char *argv[])
if (ret < 0)
error("keyctl_read_alloc");
- if (ret > 0)
- write(1, buffer, ret);
+ if (ret > 0 && write(1, buffer, ret) < 0)
+ error("write");
return 0;
} /* end act_keyctl_pipe() */
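Review bot: The new `write(1, buffer, ret) < 0` test catches a failed write but not a short one; when stdout is a pipe and the call is interrupted, fewer than `ret` bytes may be written and the caller sees a truncated payload with exit status 0. Loop on the return value, advancing through `buffer` until `ret` bytes have gone out, and treat a zero return as an error. act_keyctl_pipe() begins outside this hunk.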
@@ -552,10 +724,10 @@ static int act_keyctl_list(int argc, char *argv[])
key_serial_t keyring, key, *pk;
key_perm_t perm;
void *keylist;
- char *buffer;
+ char *buffer, pretty_mask[9];
uid_t uid;
gid_t gid;
- int count, tlen, dpos, dlen, ret;
+ int count, tlen, dpos, n, ret;
if (argc != 2)
format();
@@ -596,32 +768,19 @@ static int act_keyctl_list(int argc, char *argv[])
tlen = -1;
dpos = -1;
- dlen = -1;
- sscanf((char *) buffer, "%*[^;]%n;%d;%d;%x;%n%*[^;]%n",
- &tlen, &uid, &gid, &perm, &dpos, &dlen);
- if (dlen == -1) {
+ n = sscanf((char *) buffer, "%*[^;]%n;%d;%d;%x;%n",
+ &tlen, &uid, &gid, &perm, &dpos);
+ if (n != 3) {
fprintf(stderr, "Unparseable description obtained for key %d\n", key);
exit(3);
}
- printf("%9d: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d %*.*s: %s\n",
+ calc_perms(pretty_mask, perm, uid, gid);
+
+ printf("%9d: %s %5d %5d %*.*s: %s\n",
key,
- perm & KEY_USR_VIEW ? 'v' : '-',
- perm & KEY_USR_READ ? 'r' : '-',
- perm & KEY_USR_WRITE ? 'w' : '-',
- perm & KEY_USR_SEARCH ? 's' : '-',
- perm & KEY_USR_LINK ? 'l' : '-',
- perm & KEY_GRP_VIEW ? 'v' : '-',
- perm & KEY_GRP_READ ? 'r' : '-',
- perm & KEY_GRP_WRITE ? 'w' : '-',
- perm & KEY_GRP_SEARCH ? 's' : '-',
- perm & KEY_GRP_LINK ? 'l' : '-',
- perm & KEY_OTH_VIEW ? 'v' : '-',
- perm & KEY_OTH_READ ? 'r' : '-',
- perm & KEY_OTH_WRITE ? 'w' : '-',
- perm & KEY_OTH_SEARCH ? 's' : '-',
- perm & KEY_OTH_LINK ? 'l' : '-',
+ pretty_mask,
uid, gid,
tlen, tlen, buffer,
buffer + dpos);
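Review bot: The new `if (n != 3)` test proves that uid, gid and perm were converted, but not that the trailing `;%n` matched, so a description that ends after the permissions field would leave `dpos` at -1 and `buffer + dpos` would index one byte before the buffer; the old `dlen == -1` check did cover that case. Tighten it to `if (n != 3 || dpos == -1) {`. The same gap is in the act_keyctl_describe hunk below, in the dump_key_tree_aux hunk (where `dpos` is not initialised before the sscanf at all, so a miss reads an indeterminate value), and in request-key.c's main(). act_keyctl_list() begins outside this hunk.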
@@ -683,7 +842,7 @@ static int act_keyctl_describe(int argc, char *argv[])
char *buffer;
uid_t uid;
gid_t gid;
- int tlen, dpos, dlen, ret;
+ int tlen, dpos, n, ret;
if (argc != 2)
format();
@@ -702,33 +861,46 @@ static int act_keyctl_describe(int argc, char *argv[])
tlen = -1;
dpos = -1;
- dlen = -1;
- sscanf(buffer, "%*[^;]%n;%d;%d;%x;%n%*[^;]%n",
- &tlen, &uid, &gid, &perm, &dpos, &dlen);
- if (dlen == -1) {
+ n = sscanf(buffer, "%*[^;]%n;%d;%d;%x;%n",
+ &tlen, &uid, &gid, &perm, &dpos);
+ if (n != 3) {
fprintf(stderr, "Unparseable description obtained for key %d\n", key);
exit(3);
}
/* display it */
- printf("%9d: %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d %*.*s: %s\n",
+ printf("%9d:"
+ " %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c"
+ " %5d %5d %*.*s: %s\n",
key,
- perm & KEY_USR_VIEW ? 'v' : '-',
- perm & KEY_USR_READ ? 'r' : '-',
- perm & KEY_USR_WRITE ? 'w' : '-',
- perm & KEY_USR_SEARCH ? 's' : '-',
+ perm & KEY_POS_SETATTR ? 'a' : '-',
+ perm & KEY_POS_LINK ? 'l' : '-',
+ perm & KEY_POS_SEARCH ? 's' : '-',
+ perm & KEY_POS_WRITE ? 'w' : '-',
+ perm & KEY_POS_READ ? 'r' : '-',
+ perm & KEY_POS_VIEW ? 'v' : '-',
+
+ perm & KEY_USR_SETATTR ? 'a' : '-',
perm & KEY_USR_LINK ? 'l' : '-',
- perm & KEY_GRP_VIEW ? 'v' : '-',
- perm & KEY_GRP_READ ? 'r' : '-',
- perm & KEY_GRP_WRITE ? 'w' : '-',
- perm & KEY_GRP_SEARCH ? 's' : '-',
+ perm & KEY_USR_SEARCH ? 's' : '-',
+ perm & KEY_USR_WRITE ? 'w' : '-',
+ perm & KEY_USR_READ ? 'r' : '-',
+ perm & KEY_USR_VIEW ? 'v' : '-',
+
+ perm & KEY_GRP_SETATTR ? 'a' : '-',
perm & KEY_GRP_LINK ? 'l' : '-',
- perm & KEY_OTH_VIEW ? 'v' : '-',
- perm & KEY_OTH_READ ? 'r' : '-',
- perm & KEY_OTH_WRITE ? 'w' : '-',
- perm & KEY_OTH_SEARCH ? 's' : '-',
+ perm & KEY_GRP_SEARCH ? 's' : '-',
+ perm & KEY_GRP_WRITE ? 'w' : '-',
+ perm & KEY_GRP_READ ? 'r' : '-',
+ perm & KEY_GRP_VIEW ? 'v' : '-',
+
+ perm & KEY_OTH_SETATTR ? 'a' : '-',
perm & KEY_OTH_LINK ? 'l' : '-',
+ perm & KEY_OTH_SEARCH ? 's' : '-',
+ perm & KEY_OTH_WRITE ? 'w' : '-',
+ perm & KEY_OTH_READ ? 'r' : '-',
+ perm & KEY_OTH_VIEW ? 'v' : '-',
uid, gid,
tlen, tlen, buffer,
buffer + dpos);
@@ -925,6 +1097,27 @@ static int act_keyctl_instantiate(int argc, char *argv[])
/*****************************************************************************/
/*
+ * instantiate a key, reading from a pipe
+ */
+static int act_keyctl_pinstantiate(int argc, char *argv[])
+{
+ char *args[5];
+
+ if (argc != 3)
+ format();
+
+ args[0] = argv[0];
+ args[1] = argv[1];
+ args[2] = grab_stdin();
+ args[3] = argv[2];
+ args[4] = NULL;
+
+ return act_keyctl_instantiate(4, args);
+
+} /* end act_keyctl_pinstantiate() */
+
+/*****************************************************************************/
+/*
* negate a key that's under construction
*/
static int act_keyctl_negate(int argc, char *argv[])
@@ -1026,8 +1219,8 @@ static int dump_key_tree_aux(key_serial_t key, int depth, int more)
key_perm_t perm;
size_t ringlen, desclen;
void *payload;
- char *desc, type[255];
- int uid, gid, ret, n, rdepth, kcount = 0;
+ char *desc, type[255], pretty_mask[9];
+ int uid, gid, ret, n, dpos, rdepth, kcount = 0;
if (depth > 8)
return 0;
@@ -1061,34 +1254,25 @@ static int dump_key_tree_aux(key_serial_t key, int depth, int more)
uid = 0;
gid = 0;
perm = 0;
- sscanf(desc, "%[^;];%d;%d;%x;%n",
- type, &uid, &gid, &perm, &n);
+
+ n = sscanf(desc, "%[^;];%d;%d;%x;%n",
+ type, &uid, &gid, &perm, &dpos);
+
+ if (n != 4) {
+ fprintf(stderr, "Unparseable description obtained for key %d\n", key);
+ exit(3);
+ }
/* and print */
- printf("%9d"
- " %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c %5d %5d "
- " %s%s%s: %s\n"
- ,
+ calc_perms(pretty_mask, perm, uid, gid);
+
+ printf("%9d %s %5d %5d %s%s%s: %s\n",
key,
- perm & KEY_USR_LINK ? 'l' : '-',
- perm & KEY_USR_SEARCH ? 's' : '-',
- perm & KEY_USR_WRITE ? 'w' : '-',
- perm & KEY_USR_READ ? 'r' : '-',
- perm & KEY_USR_VIEW ? 'v' : '-',
- perm & KEY_GRP_LINK ? 'l' : '-',
- perm & KEY_GRP_SEARCH ? 's' : '-',
- perm & KEY_GRP_WRITE ? 'w' : '-',
- perm & KEY_GRP_READ ? 'r' : '-',
- perm & KEY_GRP_VIEW ? 'v' : '-',
- perm & KEY_OTH_LINK ? 'l' : '-',
- perm & KEY_OTH_SEARCH ? 's' : '-',
- perm & KEY_OTH_WRITE ? 'w' : '-',
- perm & KEY_OTH_READ ? 'r' : '-',
- perm & KEY_OTH_VIEW ? 'v' : '-',
+ pretty_mask,
uid, gid,
dumpindent,
depth > 0 ? "\\_ " : "",
- type, desc + n);
+ type, desc + dpos);
/* if it's a keyring then we're going to want to recursively
* display it if we can */
diff --git a/keyutil.c b/keyutils.c
index b12cea9..891fee4 100644
--- a/keyutil.c
+++ b/keyutils.c
@@ -1,4 +1,4 @@
-/* keyutil.c: key utility library
+/* keyutils.c: key utility library
*
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
@@ -18,7 +18,7 @@
#include <dlfcn.h>
#include <errno.h>
#include <asm/unistd.h>
-#include "keyutil.h"
+#include "keyutils.h"
#ifdef NO_GLIBC_KEYERR
static int error_inited;
diff --git a/keyutil.h b/keyutils.h
index 5b78b31..29faa81 100644
--- a/keyutil.h
+++ b/keyutils.h
@@ -1,4 +1,4 @@
-/* keyutil.h: key utility library interface
+/* keyutils.h: key utility library interface
*
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
@@ -9,8 +9,8 @@
* 2 of the License, or (at your option) any later version.
*/
-#ifndef KEYUTIL_H
-#define KEYUTIL_H
+#ifndef KEYUTILS_H
+#define KEYUTILS_H
#include <stdint.h>
@@ -140,4 +140,4 @@ extern int keyctl_describe_alloc(key_serial_t id, char **_buffer);
extern int keyctl_read_alloc(key_serial_t id, void **_buffer);
-#endif /* KEYUTIL_H */
+#endif /* KEYUTILS_H */
diff --git a/keyutils.spec b/keyutils.spec
index 1557ef6..4b5f4f2 100644
--- a/keyutils.spec
+++ b/keyutils.spec
@@ -1,11 +1,12 @@
-%define vermajor 0
-%define version %{vermajor}.3
+%define vermajor 1
+%define version %{vermajor}.0
%define _exec_prefix /
+%define usrlibdir %{_prefix}/%{_lib}
Summary: Linux Key Management Utilities
Name: keyutils
Version: %{version}
-Release: 3
+Release: 2
License: GPL/LGPL
Group: System Environment/Base
ExclusiveOS: Linux
@@ -13,12 +14,21 @@ ExclusiveOS: Linux
Source0: http://people.redhat.com/~dhowells/keyutils/keyutils-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+BuildRequires: glibc-kernheaders >= 2.4-9.1.92
%description
Utilities to control the kernel key management facility and to provide
a mechanism by which the kernel call back to userspace to get a key
instantiated.
+%package libs
+Summary: Key utilities library
+Group: System Environment/Base
+
+%description libs
+This package provides a wrapper library for the key management facility system
+calls.
+
%package devel
Summary: Development package for building linux key management utilities
Group: System Environment/Base
@@ -30,32 +40,60 @@ This package provides headers and libraries for building key utilities.
%setup -q
%build
-make LIBDIR=%{_libdir} RELEASE=.%{release} NO_GLIBC_KEYERR=1
+make \
+ LIBDIR=%{_libdir} \
+ USRLIBDIR=%{usrlibdir} \
+ RELEASE=.%{release} \
+ NO_GLIBC_KEYERR=1 \
+ CFLAGS="-Wall $RPM_OPT_FLAGS"
%install
rm -rf $RPM_BUILD_ROOT
-make DESTDIR=$RPM_BUILD_ROOT LIBDIR=%{_libdir} RELEASE=.%{release} install
+make DESTDIR=$RPM_BUILD_ROOT LIBDIR=%{_libdir} USRLIBDIR=%{usrlibdir} RELEASE=.%{release} install
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
-%doc README LICENCE.GPL LICENCE.LGPL
-%{_libdir}/libkeyutil.so.%{version}.%{release}
-%{_libdir}/libkeyutil.so.%{vermajor}
+%doc README LICENCE.GPL
/sbin/*
/bin/*
/usr/share/keyutils/*
%{_mandir}/*
%config(noreplace) /etc/*
+%files libs
+%defattr(-,root,root,-)
+%doc LICENCE.LGPL
+%{_libdir}/libkeyutils-%{version}.%{release}.so
+%{_libdir}/libkeyutils.so.%{vermajor}
+
%files devel
%defattr(-,root,root,-)
-%{_libdir}/libkeyutil.so
+%{usrlibdir}/libkeyutils.a
+%{usrlibdir}/libkeyutils.so
%{_includedir}/*
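Review bot: Passing `CFLAGS="-Wall $RPM_OPT_FLAGS"` on the make command line in %build makes every `CFLAGS +=` inside the Makefile a no-op unless the Makefile marks those lines `override`, so the `-DNO_GLIBC_KEYSYS` append visible in the Makefile hunk context (and presumably the matching `-DNO_GLIBC_KEYERR` one) and the `-m32`/`-m64` additions are all dropped in the RPM build even though `NO_GLIBC_KEYERR=1` is passed alongside. Either change the Makefile to `override CFLAGS += ...`, or hand the distro flags in through a separate variable the Makefile folds into CFLAGS itself.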
%changelog
+* Mon Dec 5 2005 David Howells <dhowells@redhat.com> - 1.0-2
+- Add build dependency on glibc-kernheaders with key management syscall numbers
+
+* Tue Nov 29 2005 David Howells <dhowells@redhat.com> - 1.0-1
+- Add data pipe-in facility for keyctl request2
+
+* Mon Nov 28 2005 David Howells <dhowells@redhat.com> - 1.0-1
+- Rename library and header file "keyutil" -> "keyutils" for consistency
+- Fix shared library version naming to same way as glibc.
+- Add versioning for shared library symbols
+- Create new keyutils-libs package and install library and main symlink there
+- Install base library symlink in /usr/lib and place in devel package
+- Added a keyutils archive library
+- Shorten displayed key permissions list to just those we actually have
+
+* Thu Nov 24 2005 David Howells <dhowells@redhat.com> - 0.3-4
+- Add data pipe-in facilities for keyctl add, update and instantiate
+
* Fri Nov 18 2005 David Howells <dhowells@redhat.com> - 0.3-3
- Added stdint.h inclusion in keyutils.h
- Made request-key.c use request_key() rather than keyctl_search()
diff --git a/request-key.c b/request-key.c
index 9b8863b..d58479e 100644
--- a/request-key.c
+++ b/request-key.c
@@ -29,7 +29,7 @@
#include <ctype.h>
#include <sys/select.h>
#include <sys/wait.h>
-#include "keyutil.h"
+#include "keyutils.h"
static int xdebug;
@@ -128,7 +128,7 @@ int main(int argc, char *argv[])
{
key_serial_t key;
char *ktype, *kdesc, *buf, *callout_info;
- int ret, ntype, dpos, dlen, fd;
+ int ret, ntype, dpos, n, fd;
signal(SIGSEGV, oops);
signal(SIGBUS, oops);
@@ -176,9 +176,11 @@ int main(int argc, char *argv[])
key = atoi(xkey);
- /* assume authority over the key */
+ /* assume authority over the key
+ * - older kernel doesn't support this function
+ */
ret = keyctl_assume_authority(key);
- if (ret < 0)
+ if (ret < 0 && !(argc == 9 || errno == EOPNOTSUPP))
error("Failed to assume authority over key %d (%m)\n", key);
/* ask the kernel to describe the key to us */
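Review bot: The expanded comment explains only the `errno == EOPNOTSUPP` half of the new condition; `argc == 9` also waives the keyctl_assume_authority() failure, and under that branch every errno (EPERM, ENOKEY, …) is ignored, not just the old-kernel one. If nine arguments is the pre-authority-key calling convention, say so in the comment, e.g. `* - older kernels (which pass 9 args) don't support this function`, and consider deciding on the argument count before the call rather than masking all failures after it. main() begins outside this hunk.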
@@ -195,10 +197,9 @@ int main(int argc, char *argv[])
debug("Key descriptor: \"%s\"\n", buf);
ntype = -1;
dpos = -1;
- dlen = -1;
- sscanf(buf, "%*[^;]%n;%*d;%*d;%*x;%n%*[^;]%n", &ntype, &dpos, &dlen);
- if (dlen == -1)
+ n = sscanf(buf, "%*[^;]%n;%*d;%*d;%x;%n", &ntype, &n, &dpos);
+ if (n != 1)
error("Failed to parse key description\n");
ktype = buf;
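Review bot: In the new sscanf call the `%x` conversion stores the permissions mask into `&n`, and `n` is then overwritten by sscanf's return value, so one variable serves as a scratch target and as the count under test; it works, but it reads like a mistake, and `%x` into an `int *` is the wrong type for that conversion. Give the mask its own throwaway target, `unsigned perm;` and `n = sscanf(buf, "%*[^;]%n;%*d;%*d;%x;%n", &ntype, &perm, &dpos);`, or use `%*x` and check that `ntype` and `dpos` were set instead of counting conversions. main() begins outside this hunk.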
@@ -708,7 +709,10 @@ static void pipe_to_program(char *op,
if (tmp < 0)
error("select failed: %m\n");
- debug("select -> %d r=%x w=%x\n", tmp, *(unsigned *) &rfds, *(unsigned *) &wfds);
+ debug("select -> %d r=%x w=%x\n",
+ tmp,
+ *(unsigned *) (void *) &rfds,
+ *(unsigned *) (void *) &wfds);
if (TOSTDIN != -1 && FD_ISSET(TOSTDIN, &wfds)) {
tmp = write(TOSTDIN, pc, ninfo);
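Review bot: Routing the cast through `(void *)` silences the strict-aliasing warning but does not make the access well-defined: the debug line still reads an `fd_set` object through an `unsigned` lvalue, and it only shows the first word of the set. Since this is debug output, `memcpy` the first word into a local `unsigned` before printing, or print the `FD_ISSET()` results for the descriptors actually being polled. pipe_to_program() continues on both sides of this hunk.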
diff --git a/version.lds b/version.lds
new file mode 100644
index 0000000..05474db
--- /dev/null
+++ b/version.lds
@@ -0,0 +1,34 @@
+KEYUTILS_0.3 {
+
+ /* primary syscalls; may be overridden by glibc */
+ add_key;
+ request_key;
+ keyctl;
+
+ /* management functions */
+ keyctl_chown;
+ keyctl_clear;
+ keyctl_describe;
+ keyctl_describe_alloc;
+ keyctl_get_keyring_ID;
+ keyctl_instantiate;
+ keyctl_join_session_keyring;
+ keyctl_link;
+ keyctl_negate;
+ keyctl_read;
+ keyctl_read_alloc;
+ keyctl_revoke;
+ keyctl_search;
+ keyctl_setperm;
+ keyctl_set_reqkey_keyring;
+ keyctl_unlink;
+ keyctl_update;
+
+};
+
+KEYUTILS_1.0 {
+ /* management functions */
+ keyctl_assume_authority;
+ keyctl_set_timeout;
+
+} KEYUTILS_0.3;
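Review bot: Neither version node has a `local: *;` clause, so any non-static symbol in keyutils.c that is not listed here is still exported from the shared object, merely unversioned, and becomes part of the ABI by accident. The usual form is to close the base node with `local: *;` after the last `keyctl_*` entry in `KEYUTILS_0.3`, keeping only the listed names global. A short comment at the top saying that new symbols go into a new node rather than an existing one would also help future additions.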