Provided by: freebsd-manpages_12.0-1_all bug

NAME
       ucred,  crget,  crhold,  crfree,  crcopy,  crdup,  cru2x,  cred_update_thread — functions related to user
       credentials


SYNOPSIS
       #include <sys/param.h>
       #include <sys/ucred.h>

       struct ucred *
       crget(void);

       struct ucred *
       crhold(struct ucred *cr);

       void
       crfree(struct ucred *cr);

       void
       crcopy(struct ucred *dest, struct ucred *src);

       struct ucred *
       crcopysafe(struct proc *p, struct ucred *cr);

       struct ucred *
       crdup(struct ucred *cr);

       void
       crsetgroups(struct ucred *cr, int ngrp, gid_t *groups);

       void
       cru2x(struct ucred *cr, struct xucred *xcr);

       void
       cred_update_thread(struct thread *td);


DESCRIPTION
       The ucred family of functions is used to manage user credential  structures  (struct  ucred)  within  the
       kernel.

       The crget() function allocates memory for a new structure, sets its reference count to 1, and initializes
       its lock.

       The crhold() function increases the reference count on the credential.

       The  crfree()  function  decreases  the  reference count on the credential.  If the count drops to 0, the
       storage for the structure is freed.

       The crcopy() function copies the contents of  the  source  (template)  credential  into  the  destination
       template.  The uidinfo structure within the destination is referenced by calling uihold(9).

       The  crcopysafe()  function  copies  the  current credential associated with the process p into the newly
       allocated credential cr.  The process lock on p must be held and will be dropped and reacquired as needed
       to allocate group storage space in cr.

       The crdup() function allocates memory for a new structure and copies the contents of  cr  into  it.   The
       actual copying is performed by crcopy().

       The crsetgroups() function sets the cr_groups and cr_ngroups variables and allocates space as needed.  It
       also truncates the group list to the current maximum number of groups.  No other mechanism should be used
       to modify the cr_groups array except for updating the primary group via assignment to cr_groups[0].

       The  cru2x() function converts a ucred structure to an xucred structure.  That is, it copies data from cr
       to xcr; it ignores fields in the former that are not  present  in  the  latter  (e.g.,  cr_uidinfo),  and
       appropriately sets fields in the latter that are not present in the former (e.g., cr_version).

       The  cred_update_thread()  function  sets  the  credentials of td to that of its process, freeing its old
       credential if required.


RETURN VALUES
       crget(), crhold(), crdup(), and crcopysafe() all return a pointer to a ucred structure.


USAGE NOTES
       As of FreeBSD 5.0, the ucred structure contains extensible fields.  This means that the correct  protocol
       must  always be followed to create a fresh and writable credential structure: new credentials must always
       be derived from existing credentials using crget(), crcopy(), and crcopysafe().

       In the common case, credentials required for access control decisions are used in a read-only manner.  In
       these circumstances, the thread credential td_ucred should be used, as it requires no locking  to  access
       safely,  and remains stable for the duration of the call even in the face of a multi-threaded application
       changing the process credentials from another thread.

       During a process credential update, the process lock must be held across check  and  update,  to  prevent
       race  conditions.   The process credential, td->td_proc->p_ucred, must be used both for check and update.
       If a process credential is updated during a system call and checks against the thread credential  are  to
       be  made later during the same system call, the thread credential must also be refreshed from the process
       credential so as to prevent use of a stale value.  To avoid this scenario, it is recommended that  system
       calls updating the process credential be designed to avoid other authorization functions.

       If  temporarily  elevated privileges are required for a thread, the thread credential can by replaced for
       the duration of an activity, or for the remainder of the system call.  However, as a thread credential is
       often shared, appropriate care should be taken  to  make  sure  modifications  are  made  to  a  writable
       credential through the use of crget() and crcopy().

       Caution  should  be exercised when checking authorization for a thread or process perform an operation on
       another thread or process.  As a result of temporary elevation, the target thread credential should never
       be used as the target credential in an access control decision: the process  credential  associated  with
       the  thread,  td->td_proc->p_ucred,  should be used instead.  For example, p_candebug(9) accepts a target
       process, not a target thread, for access control purposes.


SEE ALSO
       uihold(9)


AUTHORS
       This manual page was written by Chad David <davidc@acns.ab.ca>.

Debian                                         September 27, 2017                                       UCRED(9)