IDENTITY(S) UNIX System V IDENTITY(S)
Name
identity - get or check uids or gids from program start
Syntax
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
ushort starting_luid ()
ushort starting_ruid ()
ushort starting_euid ()
ushort starting_rgid ()
ushort starting_egid ()
int is_starting_luid (uid)
ushort uid;
int is_starting_ruid (uid)
ushort uid;
int is_starting_euid (uid)
ushort uid;
int is_starting_rgid (gid)
ushort gid;
int is_starting_egid (gid)
ushort gid;
void set_auth_parameters (argc, argv)
int argc;
char *argv[];
void check_auth_parameters ()
Description
These routines provide a way to recall the IDs of a process
at the time the program started. They are useful when
interrogating the invoking environment of a program after
any setuid(S) or setgid(S) calls have been made so that the
original environment can be captured.
Starting_luid returns the login UID for the process as it
was set in the beginning of the program. The login UID is
the immutable stamp for the process and accurately denotes
the account under which the session is being run, regardless
of subsequent setuid(S) calls. Starting_ruid returns the
real UID for the process as it was set in the beginning of
the program. Similarly, starting_euid returns the effective
UID, starting_rgid returns the real GID, and starting_egid
returns the effective GID. These IDs may not be the same as
those returned by getluid(S), getuid(S), geteuid(S),
getgid(S), or getegid(S), respectively, because intervening
calls to setluid(S), setuid(S) or setgid(S) can change the
latter set while the former set remains the same.
The routine is_starting_luid returns 1 if the argument is
the same as the login UID at the time when
set_auth_parameters was invoked, and 0 otherwise.
Similarly, is_starting_ruid returns 1 if the argument is the
same as the real UID at the time when set_auth_parameters
was invoked, and 0 otherwise; is_starting_euid returns 1 if
the argument is the same as the effective UID at the time
when set_auth_parameters was invoked, and 0 otherwise;
is_starting_rgid returns 1 if the argument is the same as
the real GID at the time when set_auth_parameters was
invoked, and 0 otherwise; and is_starting_egid returns 1 if
the argument is the same as the effective GID at the time
when set_auth_parameters was invoked, and 0 otherwise.
The set_auth_parameters routine is used to retain the IDs
for future lookup. It also tests the kernel to see if the
C2 security features have been loaded. If not, the program
exits with an error message. It should be called first in
a program or there is a chance that it will capture an
environment different from the program beginning. The two
arguments are the argument count and vector with which the
program was called. Check_auth_parameters will verify that
set_auth_parameters has been previously invoked. If not,
the program exits. If so, nothing happens.
Notes
These routines only work as advertised when
set_auth_parameters is called as the first item in main().
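Added example (not part of the original manual page and not SCO's code): a portable POSIX analogue of the capture-then-compare pattern described above, written this way because <prot.h> exists only on SCO systems. The start_ids_* names are hypothetical, uid_t/gid_t stand in for ushort, and the login UID is omitted because POSIX has no equivalent.

```c
/* Added example: POSIX analogue of identity(S); start_ids_* names are hypothetical. */
#include <sys/types.h>
#include <unistd.h>

static struct {
    int   captured;      /* set once by start_ids_capture() */
    uid_t ruid, euid;
    gid_t rgid, egid;
} start_ids;

/* Analogue of set_auth_parameters(): call it first in main(). */
void start_ids_capture(void)
{
    if (start_ids.captured)
        return;          /* keep the first snapshot; later calls are no-ops */
    start_ids.ruid = getuid();
    start_ids.euid = geteuid();
    start_ids.rgid = getgid();
    start_ids.egid = getegid();
    start_ids.captured = 1;
}

/* Analogue of check_auth_parameters(), returning a status instead of exiting. */
int start_ids_ready(void) { return start_ids.captured; }

/* Analogues of is_starting_ruid()/is_starting_euid(): 1 on match, else 0.
 * With no snapshot they fail closed and return 0. */
int start_ids_is_ruid(uid_t uid) { return start_ids.captured && uid == start_ids.ruid; }
int start_ids_is_euid(uid_t uid) { return start_ids.captured && uid == start_ids.euid; }

/* Permanently drop set-ID privilege, group before user.
 * Returns 0 only if the effective UID and GID now equal the starting real IDs. */
int start_ids_drop_to_invoker(void)
{
    if (!start_ids.captured)
        return -1;
    if (setgid(start_ids.rgid) != 0 || setuid(start_ids.ruid) != 0)
        return -1;
    return (geteuid() == start_ids.ruid && getegid() == start_ids.rgid) ? 0 : -1;
}

int main(void)
{
    start_ids_capture();                 /* before anything can change the IDs */
    uid_t owner = geteuid();             /* the file owner if run set-UID */
    if (start_ids_drop_to_invoker() != 0)
        return 1;
    return start_ids_is_euid(owner) ? 0 : 1;  /* snapshot survives the drop */
}
```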
See Also
getuid(S), geteuid(S), getgid(S), getegid(S)
Value Added
identity is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 6/20/89)