Партнёры:
Хостинг:
ucred crget crhold crfree crshared crcopy crdup cru2x cred_update_thread - functions related to user credentials
The
crget ();
function allocates memory
for a new structure, sets its reference count to 1, and
initializes its lock.
The
crhold ();
function increases the reference count on the credential.
The
crfree ();
function decreases the reference count on the credential.
If the count drops to 0, the storage for the structure is freed.
The
crshared ();
function returns true if the credential is shared.
A credential is considered to be shared if its reference
count is greater than one.
The
crcopy ();
function copies the contents of the source (template)
credential into the destination template.
The
Vt uidinfo
structure within the destination is referenced
by calling
uihold(9).
The
crdup ();
function allocates memory for a new structure and copies the
contents of
Fa cr
into it.
The actual copying is performed by
crcopy (.);
The
cru2x ();
function converts a
Vt ucred
structure to an
Vt xucred
structure.
That is,
it copies data from
Fa cr
to
Fa xcr ;
it ignores fields in the former that are not present in the latter
(e.g.,
cr_uidinfo )
and appropriately sets fields in the latter that are not present in
the former
(e.g.,
cr_version )
The
cred_update_thread ();
function sets the credentials of
Fa td
to that of its process, freeing its old credential if required.
crshared ();
returns 0 if the credential has a reference count greater than 1;
otherwise, 1 is returned.
In the common case, credentials required for access control decisions are used in a read-only manner. In these circumstances, the thread credential td_ucred should be used, as it requires no locking to access safely, and remains stable for the duration of the call even in the face of a multi-threaded application changing the process credentials from another thread. Primitives such as suser(9) will assume the use of td_ucred unless explicitly specified using suser_cred9.
During a process credential update, the process lock must be held across check and update, to prevent race conditions. The process credential, td->td_proc->p_ucred must be used both for check and update. If a process credential is updated during a system call and checks against the thread credential are to be made later during the same system call, the thread credential must also be refreshed from the process credential so as to prevent use of a stale value. To avoid this scenario, it is recommended that system calls updating the process credential be designed to avoid other authorization functions.
If temporarily elevated privileges are required for a thread, the thread
credential can by replaced for the duration of an activity, or for
the remainder of the system call.
However, as a thread credential is often shared, appropriate care should be
taken to make sure modifications are made to a writable credential
through the use of
crget ();
and
crcopy (.);
Caution should be exercised when checking authorization for a thread or process perform an operation on another thread or process. As a result of temporary elevation, the target thread credential should never be used as the target credential in an access control decision: the process credential associated with the thread, td->td_proc->p_ucred should be used instead. For example, p_candebug9 accepts a target process, not a target thread, for access control purposes.
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |