Changeset View
Changeset View
Standalone View
Standalone View
share/man/man3/pthread_setcred_np.3
- This file was added.
.\" SPDX-License-Identifier: BSD-2-Clause | |||||
.\" | |||||
.\" Copyright (c) 2019 Gandi | |||||
.\" | |||||
.\" Redistribution and use in source and binary forms, with or without | |||||
.\" modification, are permitted provided that the following conditions | |||||
.\" are met: | |||||
.\" 1. Redistributions of source code must retain the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer. | |||||
.\" 2. Redistributions in binary form must reproduce the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer in the | |||||
.\" documentation and/or other materials provided with the distribution. | |||||
.\" | |||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
.\" SUCH DAMAGE. | |||||
.\" | |||||
.\" $FreeBSD$ | |||||
.\" | |||||
.Dd January 23, 2019 | |||||
.Dt pthread_setcred_np 3 | |||||
.Os | |||||
.Sh NAME | |||||
.Nm pthread_setcred_np , | |||||
.Nm pthread_getcred_np , | |||||
.Nm pthread_revertcred_np | |||||
.Nd control per-thread user credentials | |||||
.Sh LIBRARY | |||||
.Lb libpthread | |||||
.Sh SYNOPSIS | |||||
.In pthread_np.h | |||||
.In sys/param.h | |||||
.Ft int | |||||
.Fn pthread_setcred_np "uid_t uid" "int gidsetlen" "const gid_t *gidset" | |||||
.Ft int | |||||
.Fn pthread_getcred_np "uid_t *uid" "int *gidsetlen" "const gid_t *gidset" | |||||
.Ft int | |||||
.Fn pthread_revertcred_np "void" | |||||
.Sh Description | |||||
The | |||||
.Fn pthread_setcred_np | |||||
function sets the real, effective, and saved UIDs and GIDs, | |||||
along with supplementary group access list of the current thread. | |||||
.Pp | |||||
The | |||||
.Fa uid | |||||
parameter can be any UID. The | |||||
.Fa gidsetlen | |||||
parameter indicates the number of entries in the array and must be no more | |||||
than NGROUPS. The | |||||
.Fa gidset | |||||
parameter is an array of GIDs, the first being the primary GID to set. | |||||
This call will replace all supplementary groups in the credential. | |||||
.Pp | |||||
The | |||||
.Fn pthread_getcred_np | |||||
function retrieves the real user ID of the calling thread and stores it in | |||||
.Fa uid . | |||||
It also retrieves the current group access list of the calling thread and | |||||
stores it in | |||||
.Fa gidset . | |||||
The gidsetlen argument indicates the number of entries that may be placed in | |||||
gidset. | |||||
.Pp | |||||
The | |||||
.Fn pthread_getcred_np | |||||
sets this variable to the actual number of groups returned in | |||||
gidset, even on error. | |||||
.Pp | |||||
The | |||||
.Fn pthread_revertcred_np | |||||
function reverts the thread's credential, including the real, effective and | |||||
saved UIDs and GIDs, to the per-process credential. | |||||
.Pp | |||||
These functions may only be called if the process has super-user privileges. | |||||
.Sh RETURN VALUES | |||||
.Rv -std | |||||
.Sh ERRORS | |||||
The | |||||
.Fn pthread_revertcred_np | |||||
function will only fail if: | |||||
.Bl -tag -width Er | |||||
.It Bq Er EPERM | |||||
The user is not the super user. | |||||
.El | |||||
.Pp | |||||
In addition to the error returned by | |||||
.Fn pthread_revertcred_np , | |||||
the | |||||
.Fn pthread_setcred_np | |||||
and | |||||
.Fn pthread_getcred_np | |||||
functions calls may fail if: | |||||
.Bl -tag -width Er | |||||
.It Bq Er EINVAL | |||||
The value of | |||||
.Fa gidsetlen | |||||
is not valid. | |||||
.It Bq Er ENOENT | |||||
The per-thread credential has not yet been explicitly set with | |||||
.Fn pthread_setcred_np , | |||||
or it has been reverted with | |||||
.Fn pthread_revertcred_np . | |||||
.It Bq Er ERANGE | |||||
The incoming | |||||
.Fa gidsetlen | |||||
is less than the number of groups in the credential. | |||||
.It Bq Er EFAULT | |||||
One of the parameters points to an invalid address. | |||||
.El | |||||
.Sh STANDARDS | |||||
These functions are non standard extensions. | |||||
.Sh SEE ALSO | |||||
.Xr setcred 2 , | |||||
.Xr getcred 2 , | |||||
.Xr revertcred 2 , |