• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Internet Config from a daemon
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Config from a daemon


  • Subject: Re: Internet Config from a daemon
  • From: Quinn <email@hidden>
  • Date: Wed, 20 Aug 2003 08:53:22 +0100

At 16:00 -0400 19/8/03, Mike Cohen wrote:
If I run the agent manually from the terminal, it's able to return all of the correct information, but none of the user-related info is available when actually run as a daemon.

Is there any way I can have internet config obtain the settings either for the currently logged in user or the machine owner?

Given that IC preferences are stored per-user and Mac OS X supports multiple users, there's a question of whose preferences you want to get back. IC decides this based on the process's effective user ID (EUID). A daemon typically runs as root (effective user ID 0), and thus you'll get back root's preferences (not very helpful). What you should do is change your effective user ID before making the IC calls. You can do this using seteuid.

Be warned that the EUID is a per-process property, so if you're multi-threaded you have to coordinate it between your threads.

Also, changing UID like this does not always work as expected. If the framework you're calling caches preferences, you can end up with incorrect values. I have not heard of this sort of problem with IC on Mac OS X, but it's a general concern.

A better solution might be for your daemon never to call IC directly, but rather to fork every time it wants to get a user's preferences, and have the child process call setuid to the UID in question and then call IC. That way IC won't get chance to cache incorrect values. It has the added advantage that it limits your security exposure (as a rule, it's best if root processes don't call high-level frameworks).

A much better solution is to factor your product into two components. Have a daemon that runs in the background and responds to network events and a faceless login item that's run each time a user logs in. When the login item runs, it connects to the daemon (through whatever IPC you like, maybe as Mach IPC or a UNIX domain socket), and tells the daemon that particular user's settings. When the daemon gets a network request, it just looks at the table of information given to it by the various login items.

This approach has a number of key advantages.

1. Calling high-level frameworks from low-level processes (like daemons) is always problematic in terms of compatibility. This avoids the problem because the login item is running in the user's context.

2. There are no security concerns because your daemon is not calling high-level frameworks. Better yet, if your daemon only needs root in order to bind its low-numbered port, its startup code can do the bind and then it can drop its UID to minimise the damage of potential security exploits.

3. It's fully compatible with Fast User Switching (where multiple users can be logged in at the same time).

4. You get automatic notification of when a user logs in and logs out via your IPC mechanism.

I don't see any way to obtain that information with SCF rather than IC.

Well, let's look at each in turn.

<CT:setting name="Name" value="Mike Cohen" />

You can the user's real name from getpwname.

<CT:setting name="SMTPHost" value="mail.bellsouth.net" />
<CT:setting name="HomePage" value="http://my.excite.com/"; />
<CT:setting name="Email" value="email@hidden" />

These are pretty much unique to IC.

<CT:setting name="Browser" value="Camino" />
<CT:setting name="Mailer" value="Mail" />

You can get these from Launch Services. Of course, Launch Services is a high-level framework, just like IC, so it doesn't buy you much.

<CT:setting name="Proxy" value="blueg3.homeip.net:81" />
<CT:setting name="UseProxy" value="false" />

These are available in System Configuration framework via SCDynamicStoreCopyProxies.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.

References: 
 >Internet Config from a daemon (From: Mike Cohen <email@hidden>)

  • Prev by Date: Re: Retrieving Adapter information
  • Next by Date: Re: Configuration setup
  • Previous by thread: Internet Config from a daemon
  • Next by thread: CFSocket and kCFRunLoopDefaultMode
  • Index(es):
    • Date
    • Thread