UCRED (9) | Kernel routines | Unix Manual Pages | :man|

Alphabetical Categories About us



UCRED (9) \| Kernel routines \| Unix Manual Pages \| :man▋ NAME ucred, crget, crhold, crfree, crshared, crcopy, crdup, cru2x, cred_update_thread - "functions related to user credentials" CONTENTS Synopsis Description Return Values Usage Notes See Also Authors SYNOPSIS .In sys/param.h .In sys/ucred.h "struct ucred "* `crget void` "struct ucred "* `crhold "struct ucred cr"` void* `crfree "struct ucred cr"` int* `crshared "struct ucred cr"` void* `crcopy "struct ucred dest" "struct ucred src"` "struct ucred "* `crdup "struct ucred cr"` void* `cru2x "struct ucred cr" "struct xucred xcr"` void `cred_update_thread "struct thread td"` DESCRIPTION The ucred* family of functions is used to manage user credential structures (Vt "struct ucred") within the kernel. The `crget` function allocates memory for a new structure, sets its reference count to 1, and initializes its lock. The `crhold` function increases the reference count on the credential. The `crfree` function decreases the reference count on the credential. If the count drops to 0, the storage for the structure is freed. The `crshared` function returns true if the credential is shared. A credential is considered to be shared if its reference count is greater than one. The `crcopy` function copies the contents of the source (template) credential into the destination template. The .Vt uidinfo structure within the destination is referenced by calling uihold(9). The `crdup` function allocates memory for a new structure and copies the contents of cr into it. The actual copying is performed by `crcopy`. The `cru2x` function converts a .Vt ucred structure to an .Vt xucred structure. That is, it copies data from cr to xcr; it ignores fields in the former that are not present in the latter (e.g., cr_uidinfo), and appropriately sets fields in the latter that are not present in the former (e.g., cr_version). The `cred_update_thread` function sets the credentials of td to that of its process, freeing its old credential if required. RETURN VALUES `crget`, `crhold` and `crdup` all return a pointer to a .Vt ucred structure. `crshared` returns 0 if the credential has a reference count greater than 1; otherwise, 1 is returned. USAGE NOTES As of .Fx 5.0 , the .Vt ucred structure contains extensible fields. This means that the correct protocol must always be followed to create a fresh and writable credential structure: new credentials must always be derived from existing credentials using `crget` and `crcopy`. In the common case, credentials required for access control decisions are used in a read-only manner. In these circumstances, the thread credential td_ucred should be used, as it requires no locking to access safely, and remains stable for the duration of the call even in the face of a multi-threaded application changing the process credentials from another thread. Primitives such as suser(9) will assume the use of td_ucred unless explicitly specified using suser_cred(9). During a process credential update, the process lock must be held across check and update, to prevent race conditions. The process credential, td->td_proc->p_ucred, must be used both for check and update. If a process credential is updated during a system call and checks against the thread credential are to be made later during the same system call, the thread credential must also be refreshed from the process credential so as to prevent use of a stale value. To avoid this scenario, it is recommended that system calls updating the process credential be designed to avoid other authorization functions. If temporarily elevated privileges are required for a thread, the thread credential can by replaced for the duration of an activity, or for the remainder of the system call. However, as a thread credential is often shared, appropriate care should be taken to make sure modifications are made to a writable credential through the use of `crget` and `crcopy`. Caution should be exercised when checking authorization for a thread or process perform an operation on another thread or process. As a result of temporary elevation, the target thread credential should never be used as the target credential in an access control decision: the process credential associated with the thread, td->td_proc->p_ucred, should be used instead. For example, p_candebug(9) accepts a target process, not a target thread, for access control purposes. SEE ALSO uihold(9) AUTHORS

Created by Blin Media, 2008-2013