Re: proc_ucred() temporary? What's permanent?
- Subject: Re: proc_ucred() temporary? What's permanent?
- From: Mike Smith <email@hidden>
- Date: Thu, 12 May 2005 12:31:01 -0700

On May 11, 2005, at 5:12 PM, Kevin Brock wrote:

> The comment in sys/proc.h above the declaration of proc_ucred()
> says that it's a temporary API.
> Getting this information is pretty important to what we're
> doing... Does anyone know if this is really a temporary API? If
> it is, does anyone know what the permanent API will look like?

Use the kauth interfaces to get credential information:

    /* for the current context */
    extern uid_t kauth_getuid(void);
    extern uid_t kauth_getruid(void);
    extern gid_t kauth_getgid(void);
    extern gid_t kauth_getrgid(void);

    /* to get/release a credential */
    extern kauth_cred_t kauth_cred_get(void);               /* current context, does not take a reference */
    extern kauth_cred_t kauth_cred_get_with_ref(void);      /* current context, takes a reference */
    extern kauth_cred_t kauth_cred_proc_ref(proc_t procp);  /* arbitrary proc, takes a reference */
    extern void kauth_cred_rele(kauth_cred_t _cred);

    /* for an arbitrary credential */
    extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
    extern gid_t kauth_cred_getgid(kauth_cred_t _cred);

Note that credentials are immutable; don't mess with their contents or very bad things will happen. The system uniques credentials such that there's only ever one copy of a given cred; if you mung it, you don't just change it for your reference, you change it for everything else that holds the same cred. So don't do it. 8)

Also note, since you don't explain why you want the credential, that you shouldn't make any assumptions about the group list in the credential. It doesn't always mean what you think it means. Use the membership functions to test for group membership; this will make you > 16 groups and nested-groups aware. Don't count on being able to get a list of all the groups a uid is a member of; this list isn't available in the kernel, and may be arbitrarily large.

= Mike
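
Added example, not part of the original message and not XNU code: a user-space C model of uniqued, reference-counted credentials, showing the ref/read/release pattern and why an identity change must repoint the holder rather than write through a shared credential. The `model_*` types and functions are hypothetical stand-ins for `kauth_cred_t`, `kauth_cred_proc_ref()` and `kauth_cred_rele()`; the real kernel implementation is assumed to be more involved (locking, full identity comparison).

```c
/* User-space model constructed for illustration, not XNU source; model_* names are hypothetical. */
#include <stdlib.h>

typedef struct model_cred {
    unsigned uid, gid;
    int refs;                       /* number of holders of this shared object */
    struct model_cred *next;
} model_cred;
typedef struct { model_cred *cred; } model_proc;
static model_cred *cred_table;      /* at most one entry per (uid, gid) */

/* Find or create the single shared credential; takes a reference. */
model_cred *model_cred_lookup_ref(unsigned uid, unsigned gid)
{
    model_cred *c;
    for (c = cred_table; c != NULL; c = c->next)
        if (c->uid == uid && c->gid == gid) { c->refs++; return c; }
    if ((c = calloc(1, sizeof *c)) == NULL) return NULL;
    c->uid = uid; c->gid = gid; c->refs = 1;
    c->next = cred_table;
    cred_table = c; return c;
}

/* Drop a reference; the last release unlinks and frees the entry. */
void model_cred_rele(model_cred *cred)
{
    if (cred == NULL || --cred->refs > 0) return;
    for (model_cred **pp = &cred_table; *pp != NULL; pp = &(*pp)->next)
        if (*pp == cred) { *pp = cred->next; break; }
    free(cred);
}

/* Reader pattern for an arbitrary process: ref, copy out, release. */
unsigned model_proc_uid(model_proc *p)
{
    model_cred *c = p->cred;
    c->refs++;                      /* stands in for kauth_cred_proc_ref() */
    unsigned uid = c->uid;
    model_cred_rele(c);             /* stands in for kauth_cred_rele() */
    return uid;
}

/* Identity change: repoint this process; writing p->cred->uid would hit every holder. */
int model_proc_setuid(model_proc *p, unsigned new_uid)
{
    model_cred *fresh = model_cred_lookup_ref(new_uid, p->cred->gid);
    if (fresh == NULL) return -1;
    model_cred_rele(p->cred); p->cred = fresh;
    return 0;
}
```

Two model processes created with the same uid and gid end up holding the same pointer, which is the sharing that makes an in-place write visible to every holder.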