Re: proc_ucred() temporary? What's permanent?
On May 11, 2005, at 5:12 PM, Kevin Brock wrote:

> The comment in sys/proc.h above the declaration of proc_ucred() says that it's a temporary API. Getting this information is pretty important to what we're doing...
>
> Does anyone know if this is really a temporary API? If it is, does anyone know what the permanent API will look like?

Use the kauth interfaces to get credential information:

    /* for the current context */
    extern uid_t kauth_getuid(void);
    extern uid_t kauth_getruid(void);
    extern gid_t kauth_getgid(void);
    extern gid_t kauth_getrgid(void);

    /* for an arbitrary credential */
    extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
    extern gid_t kauth_cred_getgid(kauth_cred_t _cred);

    /* to get/release a credential */
    extern kauth_cred_t kauth_cred_get(void); /* current context, does not take a reference */
    extern kauth_cred_t kauth_cred_get_with_ref(void); /* current context, takes a reference */
    extern kauth_cred_t kauth_cred_proc_ref(proc_t procp); /* arbitrary proc, takes a reference */
    extern void kauth_cred_rele(kauth_cred_t _cred);

Note that credentials are immutable; don't mess with their contents or very bad things will happen. The system uniques credentials such that there's only ever one copy of a given cred; if you mung it, you don't just change it for your reference, you change it for everything else that holds the same cred. So don't do it. 8)

Also note, since you don't explain why you want the credential, that you shouldn't make any assumptions about the group list in the credential. It doesn't always mean what you think it means. Use the membership functions to test for group membership; this will make you > 16 groups and nested-groups aware. Don't count on being able to get a list of all the groups a uid is a member of; this list isn't available in the kernel, and may be arbitrarily large.

= Mike
participants (1): Mike Smith
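
Added example, not part of the message above and not XNU code: a user-space C model of a uniqued, reference-counted credential table, showing why writing through a shared credential pointer changes it for every holder, while taking a reference on a different credential does not. All `model_*` and `demo_*` names, the table size and the uid/gid values are constructed for illustration.

```c
/* User-space model, constructed for illustration; not XNU source. */
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

struct model_cred { uid_t uid; gid_t gid; int refs; };
#define NCRED 8
static struct model_cred table[NCRED];  /* one slot per distinct (uid, gid) */
/* Find or create the single shared copy and take a reference on it. */
static struct model_cred *model_cred_intern(uid_t uid, gid_t gid) {
    struct model_cred *spare = NULL;
    for (int i = 0; i < NCRED; i++) {
        struct model_cred *c = &table[i];
        if (c->refs > 0 && c->uid == uid && c->gid == gid) { c->refs++; return c; }
        if (c->refs == 0 && spare == NULL) spare = c;
    }
    if (spare == NULL) return NULL;  /* table full */
    spare->uid = uid; spare->gid = gid; spare->refs = 1;
    return spare;
}

/* Drop one reference; the slot is reusable once the count reaches zero. */
static void model_cred_rele(struct model_cred *c) { if (c && c->refs > 0) c->refs--; }

/* Holder A writes through its pointer; returns the uid holder B then sees. */
uid_t demo_mutate_in_place(void) {
    struct model_cred *a = model_cred_intern(501, 20);
    struct model_cred *b = model_cred_intern(501, 20);  /* same object as a */
    a->uid = 502;  /* the in-place edit the post warns against */
    uid_t seen = b->uid;
    model_cred_rele(a); model_cred_rele(b);
    return seen;
}

/* Holder A takes a different uniqued cred instead; holder B is unaffected. */
uid_t demo_replace(void) {
    struct model_cred *a = model_cred_intern(501, 20);
    struct model_cred *b = model_cred_intern(501, 20);
    struct model_cred *n = model_cred_intern(502, 20);  /* new identity for A */
    model_cred_rele(a);  /* A gives up its reference to the old cred */
    uid_t seen = b->uid;
    model_cred_rele(n); model_cred_rele(b);
    return seen;
}

int main(void) {
    printf("in-place edit: B sees uid %u\n", (unsigned)demo_mutate_in_place());
    printf("replacement:   B sees uid %u\n", (unsigned)demo_replace());
    return 0;
}
```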