UCRED(3C) Standard C Library Functions UCRED(3C)


NAME


ucred, ucred_get, ucred_free, ucred_geteuid, ucred_getruid,
ucred_getsuid, ucred_getegid, ucred_getrgid, ucred_getsgid,
ucred_getgroups, ucred_getprivset, ucred_getpid, ucred_getprojid,
ucred_getzoneid, ucred_getpflags, ucred_getlabel, ucred_size - user
credential functions

SYNOPSIS


#include <ucred.h>

ucred_t *ucred_get(pid_t pid);


void ucred_free(ucred_t *uc);


uid_t ucred_geteuid(const ucred_t *uc);


uid_t ucred_getruid(const ucred_t *uc);


uid_t ucred_getsuid(const ucred_t *uc);


gid_t ucred_getegid(const ucred_t *uc);


gid_t ucred_getrgid(const ucred_t *uc);


gid_t ucred_getsgid(const ucred_t *uc);


int ucred_getgroups(const ucred_t *uc, const gid_t **groups);


const priv_set_t *ucred_getprivset(const ucred_t *uc,
priv_ptype_t set);


pid_t ucred_getpid(const ucred_t *uc);


projid_t ucred_getprojid(const ucred_t *uc);


zoneid_t ucred_getzoneid(const ucred_t *uc);


uint_t ucred_getpflags(const ucred_t *uc, uint_t flags);


m_label_t *ucred_getlabel(const ucred_t *uc);


size_t ucred_size(void);


DESCRIPTION


These functions return or act on a user credential, ucred_t. User
credentials are returned by various functions and describe the
credentials of a process. Information about the process can then be
obtained by calling the access functions. Access functions can fail if
the underlying mechanism did not return sufficient information.


The ucred_get() function returns the user credential of the specified pid
or NULL if none can be obtained. A pid value of P_MYID returns
information about the calling process. The return value is dynamically
allocated and must be freed using ucred_free().


The ucred_geteuid(), ucred_getruid(), ucred_getsuid(), ucred_getegid(),
ucred_getrgid(), and ucred_getsgid() functions return the effective UID,
real UID, saved UID, effective GID, real GID, saved GID, respectively, or
-1 if the user credential does not contain sufficient information.


The ucred_getgroups() function stores a pointer to the group list in the
gid_t * pointed to by the second argument and returns the number of
groups in the list. It returns -1 if the information is not available.
The returned group list is valid until ucred_free() is called on the user
credential given as argument.


The ucred_getpid() function returns the process ID of the process or -1
if the process ID is not available. The process ID returned in a user
credential is only guaranteed to be correct in a very limited number of
cases when returned by door_ucred(3C) and ucred_get(). In all other
cases, the process in question might have handed of the file descriptor,
the process might have exited or executed another program, or the process
ID might have been reused by a completely unrelated process after the
original program exited.


The ucred_getprojid() function returns the project ID of the process or
-1 if the project ID is not available.


The ucred_getzoneid() function returns the zone ID of the process or -1
if the zone ID is not available.


The ucred_getprivset() function returns the specified privilege set
specified as second argument, or NULL if either the requested information
is not available or the privilege set name is invalid. The returned
privilege set is valid until ucred_free() is called on the specified user
credential.


The ucred_getpflags() function returns the value of the specified
privilege flags from the ucred structure, or (uint_t)-1 if none was
present.


The ucred_getlabel() function returns the value of the label, or NULL if
the label is not available. The returned label is valid until
ucred_free() is called on the specified user credential. This function is
available only if the system is configured with Trusted Extensions.


The ucred_free() function frees the memory allocated for the specified
user credential.


The ucred_size() function returns sizeof(ucred_t). This value is constant
only until the next boot, at which time it could change. The ucred_size()
function can be used to determine the size of the buffer needed to
receive a credential option with SO_RECVUCRED. See socket.h(3HEAD).

RETURN VALUES


See DESCRIPTION.

ERRORS


The ucred_get() function will fail if:

EAGAIN
There is not enough memory available to allocate sufficient
memory to hold a user credential. The application can try again
later.


EACCES
The caller does not have sufficient privileges to examine the
target process.


EMFILE
ENFILE
The calling process cannot open any more files.


ENOMEM
The physical limits of the system are exceeded by the memory
allocation needed to hold a user credential.


ESRCH
The target process does not exist.


The ucred_getprivset() function will fail if:

EINVAL
The privilege set argument is invalid.


The ucred_getlabel() function will fail if:

EINVAL
The label is not present.


The ucred_geteuid(), ucred_getruid(), ucred_getsuid(), ucred_getegid(),
ucred_getrgid(), ucred_getsgid(), ucred_getgroups(), ucred_getpflags(),
ucred_getprivset(), ucred_getprojid(), ucred_getpid(), and
ucred_getlabel() functions will fail if:

EINVAL
The requested user credential attribute is not available in the
specified user credential.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+

SEE ALSO


getpflags(2), getppriv(2), door_ucred(3C), getpeerucred(3C),
priv_set(3C), socket.h(3HEAD), attributes(5), labels(5), privileges(5)


November 6, 2014 UCRED(3C)