UCRED(3C) Standard C Library Functions UCRED(3C)
NAME
ucred, ucred_get, ucred_free, ucred_geteuid, ucred_getruid,
ucred_getsuid, ucred_getegid, ucred_getrgid, ucred_getsgid,
ucred_getgroups, ucred_getprivset, ucred_getpid, ucred_getprojid,
ucred_getzoneid, ucred_getpflags, ucred_getlabel, ucred_size - user
credential functions
SYNOPSIS
#include <ucred.h>
ucred_t *ucred_get(
pid_t pid);
void ucred_free(
ucred_t *uc);
uid_t ucred_geteuid(
const ucred_t *uc);
uid_t ucred_getruid(
const ucred_t *uc);
uid_t ucred_getsuid(
const ucred_t *uc);
gid_t ucred_getegid(
const ucred_t *uc);
gid_t ucred_getrgid(
const ucred_t *uc);
gid_t ucred_getsgid(
const ucred_t *uc);
int ucred_getgroups(
const ucred_t *uc,
const gid_t **groups);
const priv_set_t *ucred_getprivset(
const ucred_t *uc,
priv_ptype_t set);
pid_t ucred_getpid(
const ucred_t *uc);
projid_t ucred_getprojid(
const ucred_t *uc);
zoneid_t ucred_getzoneid(
const ucred_t *uc);
uint_t ucred_getpflags(
const ucred_t *uc,
uint_t flags);
m_label_t *ucred_getlabel(
const ucred_t *uc);
size_t ucred_size(
void);
DESCRIPTION
These functions return or act on a user credential,
ucred_t. User
credentials are returned by various functions and describe the
credentials of a process. Information about the process can then be
obtained by calling the access functions. Access functions can fail
if the underlying mechanism did not return sufficient information.
The
ucred_get() function returns the user credential of the specified
pid or
NULL if none can be obtained. A
pid value of
P_MYID returns
information about the calling process. The return value is
dynamically allocated and must be freed using
ucred_free().
The
ucred_geteuid(),
ucred_getruid(),
ucred_getsuid(),
ucred_getegid(),
ucred_getrgid(), and
ucred_getsgid() functions
return the effective UID, real UID, saved UID, effective GID, real
GID, saved GID, respectively, or -1 if the user credential does not
contain sufficient information.
The
ucred_getgroups() function stores a pointer to the group list in
the
gid_t * pointed to by the second argument and returns the number
of groups in the list. It returns -1 if the information is not
available. The returned group list is valid until
ucred_free() is
called on the user credential given as argument.
The
ucred_getpid() function returns the process ID of the process or
-1 if the process ID is not available. The process ID returned in a
user credential is only guaranteed to be correct in a very limited
number of cases when returned by
door_ucred(3C) and
ucred_get(). In
all other cases, the process in question might have handed of the
file descriptor, the process might have exited or executed another
program, or the process ID might have been reused by a completely
unrelated process after the original program exited.
The
ucred_getprojid() function returns the project ID of the process
or -1 if the project ID is not available.
The
ucred_getzoneid() function returns the zone ID of the process or
-1 if the zone ID is not available.
The
ucred_getprivset() function returns the specified privilege set
specified as second argument, or
NULL if either the requested
information is not available or the privilege set name is invalid.
The returned privilege set is valid until
ucred_free() is called on
the specified user credential.
The
ucred_getpflags() function returns the value of the specified
privilege flags from the
ucred structure, or (
uint_t)-1 if none was
present.
The
ucred_getlabel() function returns the value of the label, or
NULL if the label is not available. The returned label is valid until
ucred_free() is called on the specified user credential. This
function is available only if the system is configured with Trusted
Extensions.
The
ucred_free() function frees the memory allocated for the
specified user credential.
The
ucred_size() function returns
sizeof(
ucred_t). This value is
constant only until the next boot, at which time it could change. The
ucred_size() function can be used to determine the size of the buffer
needed to receive a credential option with
SO_RECVUCRED. See
socket.h(3HEAD).
RETURN VALUES
See DESCRIPTION.
ERRORS
The
ucred_get() function will fail if:
EAGAIN There is not enough memory available to allocate sufficient
memory to hold a user credential. The application can try
again later.
EACCES The caller does not have sufficient privileges to examine
the target process.
EMFILE ENFILE The calling process cannot open any more files.
ENOMEM The physical limits of the system are exceeded by the
memory allocation needed to hold a user credential.
ESRCH The target process does not exist.
The
ucred_getprivset() function will fail if:
EINVAL The privilege set argument is invalid.
The
ucred_getlabel() function will fail if:
EINVAL The label is not present.
The
ucred_geteuid(),
ucred_getruid(),
ucred_getsuid(),
ucred_getegid(),
ucred_getrgid(),
ucred_getsgid(),
ucred_getgroups(),
ucred_getpflags(),
ucred_getprivset(),
ucred_getprojid(),
ucred_getpid(), and
ucred_getlabel() functions will fail if:
EINVAL The requested user credential attribute is not available in
the specified user credential.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+
SEE ALSO
getpflags(2),
getppriv(2),
door_ucred(3C),
getpeerucred(3C),
priv_set(3C),
socket.h(3HEAD),
attributes(7),
labels(7),
privileges(7) November 6, 2014 UCRED(3C)
