starting_luid, starting_ruid, starting_euid, starting_rgid,
starting_egid, is_starting_luid, is_starting_ruid,
is_starting_euid, is_starting_rgid, is_starting_egid,
set_auth_parameters, check_auth_parameters - Get
or check user or group IDs (Enhanced Security)
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>

uid_t starting_luid(void);
uid_t starting_ruid(void);
uid_t starting_euid(void);
uid_t starting_rgid(void);
uid_t starting_egid(void);
int is_starting_luid(uid_t uid);
int is_starting_ruid(uid_t uid);
int is_starting_euid(uid_t uid);
int is_starting_rgid(uid_t gid);
int is_starting_egid(uid_t gid);
void set_auth_parameters(int argc, char *argv[]);
void check_auth_parameters(void);
Enhanced Security Library (libsecurity)
uid    Specifies the process's user ID.
gid    Specifies the process's group ID.
argc   Specifies the argument count.
The identity functions provide a way to recall the IDs of
a process at the time the program started. They are useful
when interrogating the invoking environment of a program
after any setuid() or setgid() calls have been made so
that the original environment can be captured.
The starting_luid() function returns the login UID for the
process. The login UID is the immutable stamp for the process
and accurately denotes the account under which the
session is being run, regardless of subsequent setuid()
calls.
The starting_ruid() function returns the real UID for the
process as it was set in the beginning of the program.
Similarly, starting_euid() returns the effective UID,
starting_rgid() returns the real GID, and starting_egid()
returns the effective GID. These IDs may not be the same
as those returned by getuid(), geteuid(), getgid(), or
getegid(), respectively, because intervening calls to
setuid() or setgid() can change them depending on the process's
privileges.
The is_starting_luid() function returns a value of 1 if
the argument is the same as the login UID at the time when
set_auth_parameters() was invoked; otherwise, it returns a
value of 0 (zero). Similarly, the is_starting_ruid() function
returns 1 if the argument is the same as the real UID
at the time when set_auth_parameters() was invoked, and 0
otherwise. The is_starting_euid() function returns 1 if
the argument is the same as the effective UID at the time
when set_auth_parameters() was invoked, and 0 otherwise.
The is_starting_rgid() function returns 1 if the argument
is the same as the real GID at the time when
set_auth_parameters() was invoked, and 0 otherwise. The
is_starting_egid() function returns 1 if the argument is
the same as the effective GID at the time when
set_auth_parameters() was invoked, and 0 otherwise.
The set_auth_parameters() function is used to retain the
IDs for future lookup. It also tests the kernel to see if
the security features have been loaded. If not, the program
exits with an error message. It should be called
first in a program or there is a chance that it will capture
an environment different from the conditions at the
program start. The two arguments are the argument count
and vector with which the program was called. The
check_auth_parameters() function verifies that
set_auth_parameters() has been previously invoked. If not,
the program exits.
Programs must call set_auth_parameters() before any other
action in main(). The program must always call
set_auth_parameters(argc,argv) before doing anything that
changes argc or argv; the other functions in identity.c
depend on this happening. The argc parameter must be at
least 1.
Programs using these functions must be compiled with -lsecurity.
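The capture-first pattern described above, as an added example that is not part of this manual page or of libsecurity: a portable sketch using only POSIX calls, so it builds without <prot.h>. Every id_* name is hypothetical, and the login UID is left out because POSIX has no equivalent.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the libsecurity snapshot (not the real API).
 * Only the real and effective IDs are recorded. */
static struct { int set; uid_t ruid, euid; gid_t rgid, egid; } start_ids;

/* Take the snapshot once; later calls cannot overwrite it. */
void id_capture(void)
{
    if (start_ids.set)
        return;
    start_ids.ruid = getuid();
    start_ids.euid = geteuid();
    start_ids.rgid = getgid();
    start_ids.egid = getegid();
    start_ids.set = 1;
}

/* Fail closed when a lookup happens before the snapshot exists. */
void id_check(void)
{
    if (!start_ids.set) {
        fputs("identity snapshot was never taken\n", stderr);
        exit(1);
    }
}

uid_t id_start_ruid(void) { id_check(); return start_ids.ruid; }
uid_t id_start_euid(void) { id_check(); return start_ids.euid; }
int id_is_start_euid(uid_t uid) { id_check(); return uid == start_ids.euid; }

/* Switch to the starting real IDs, group first, then verify the result. */
int id_drop_to_real(void)
{
    id_check();
    if (setgid(start_ids.rgid) != 0 || setuid(start_ids.ruid) != 0)
        return -1;
    return (geteuid() == start_ids.ruid && getegid() == start_ids.rgid) ? 0 : -1;
}

int main(void)
{
    id_capture();                 /* first action in main() */
    if (id_drop_to_real() != 0)
        return 1;
    /* geteuid() now reports the real UID; the snapshot keeps the original. */
    printf("started euid=%ld, now euid=%ld, unchanged=%d\n", (long)id_start_euid(),
           (long)geteuid(), id_is_start_euid(geteuid()));
    return 0;
}
```

In a set-user-ID program the last field prints 0 after the drop, which is the case the snapshot exists to detect.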
Functions: getuid(2), getgid(2), setuid(2), setgid(2)
identity(3)