 |
Index for
Section 3 |
|
 |
Alphabetical
listing for I |
|
 |
Bottom of
page |
|
identity(3)
NAME
starting_luid, starting_ruid, starting_euid, starting_rgid, starting_egid,
is_starting_luid, is_starting_ruid, is_starting_euid, is_starting_rgid,
is_starting_egid, set_auth_parameters, check_auth_parameters - Get or check
user or group IDs (Enhanced Security)
SYNOPSIS
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
uid_t starting_luid(
void );
uid_t starting_ruid(
void );
uid_t starting_euid(
void );
uid_t starting_rgid(
void );
uid_t starting_egid(
void );
int is_starting_luid(
uid_t uid );
int is_starting_ruid(
uid_t uid );
int is_starting_euid(
uid_t uid );
int is_starting_rgid(
uid_t gid );
int is_starting_egid(
uid_t gid );
void set_auth_parameters(
int argc,
char *argv[] );
void check_auth_parameters(
void );
LIBRARY
Enhanced Security Library (libsecurity)
PARAMETERS
uid Specifies the process's user ID.
gid Specifies the process's group ID.
argc
Specifies the argument count.
DESCRIPTION
The identity functions provide a way to recall the IDs of a process at the
time the program started. They are useful when interrogating the invoking
environment of a program after any setuid() or setgid() calls have been
made so that the original environment can be captured.
The starting_luid() function returns the login UID for the process. The
login UID is the immutable stamp for the process and accurately denotes the
account under which the session is being run, regardless of subsequent
setuid() calls.
The starting_ruid() function returns the real UID for the process as it was
set in the beginning of the program. Similarly, starting_euid() returns the
effective UID, starting_rgid() returns the real GID, and starting_egid()
returns the effective GID. These IDs may not be the same as those returned
by getuid(), geteuid(), getgid(), or getegid(), respectively, because
intervening calls to setuid() or setgid() can change them depending on the
process's privileges.
The is_starting_luid() function returns a value of 1 if the argument is the
same as the login UID at the time when set_auth_parameters() was invoked;
otherwise, it returns a value of 0 (zero). Similarly, The
is_starting_ruid() function returns 1 if the argument is the same as the
real UID at the time when set_auth_parameters() was invoked, and 0
otherwise. The is_starting_euid() function returns 1 if the argument is the
same as the effective UID at the time when set_auth_parameters() was
invoked, and 0 otherwise. The is_starting_rgid() function returns 1 if the
argument is the same as the real GID at the time when set_auth_parameters()
was invoked, and 0 otherwise. The is_starting_egid() function returns 1 if
the argument is the same as the effective GID at the time when
set_auth_parameters() was invoked, and 0 otherwise.
The set_auth_parameters() function is used to retain the IDs for future
lookup. It also tests the kernel to see if the security features have been
loaded. If not, the program exists with an error message. It should be
called first in a program or there is a chance that it will capture an
environment different from the conditions at the program start. The two
arguments are the argument count and vector with which the program was
called. The check_auth_parameters() function verifies that
set_auth_parameters() has been previously invoked. If not, the program
exits.
NOTES
Programs must call set_auth_parameters() before any other action in main().
The program must always call set_auth_parameters(argc,argv) before doing
anything that changes argc or argv; the other functions in identity.c
depend on this happening. The argc parameter must be at least 1.
Programs using these functions must be compiled with -lsecurity.
SEE ALSO
Functions: getuid(2), getgid(2), setuid(2), setgid(2)
|
Index for
Section 3 |
|
|
Alphabetical
listing for I |
|
 |
Top of
page |
|