I am writing linux kernel code. I am in VFS and I want to modify it. I want to add a check to see whether or not the user is root and based on that make a decision. How do I do this? Is there a kernel version of getuid() ? Or does any structure like "current->" contain info on which user it is for the current process?
You can use current_cred() as defined in include/linux/cred.h, which will give you a pointer to a struct cred itself defined in the same header. Something like
if (current_cred()->uid != 0)
return -EPERM;
As mentioned current_cred()->uid now returns a struct kuid_t. To get the value you need current_cred()->uid.val & a final type cast to get rid of the warnings.
if ((int)current_cred()->uid.val != 0)
return -EPERM;
Related
According to Microsoft documentation:
"You can free this [pwfx] structure immediately after passing it to waveOutOpen."
But this code dosen't seem to agree:
pwfx=new WAVEFORMATEX;
pwfx->wFormatTag=WAVE_FORMAT_PCM;
pwfx->nChannels=2;
pwfx->nSamplesPerSec=SPS;
pwfx->nAvgBytesPerSec=SPS*2;
pwfx->nBlockAlign=2;
pwfx->wBitsPerSample=8;
mmres=waveOutOpen(&ghwo,uDeviceID,pwfx,dwCallback,dwCallbackInstance,fdwOpen);
delete pwfx;
The only problem I can see in the code you provided is that you did not fully initialise the struct. You did not initialise cbSize which in this instance must be set to 0.
Given that you are not allocating any extra data at the end of this struct, there's no need to allocate it in the heap.
It's entirely plausible that the problem lies in the other parameters that you pass to the function. We can't see any details of them, and therefore can't comment.
You don't need to new or delete anything. You can just do:
WAVEFORMATEX wfx = { };
wfx.wFormatTag=WAVE_FORMAT_PCM;
...
mmres=waveOutOpen(&ghwo,uDeviceID,&wfx,dwCallback,dwCallbackInstance,fdwOpen);
Does that help at all?
Although we define these variables in the global namespace, why do we need to explicitly specify the permissions for every variable declared. Or is my way of thinking completely wrong?
int number = 100;
module_param(number, int , 0); // module_param(variable_name, variable_type , permissions);
What does '0' in permission attribute actually mean?
This permission flags value controls who can access the representation of the module parameter in sysfs. If perm is set to 0, there is no sysfs entry at all; otherwise, it appears under /sys/module with the given set of permissions.
Use S_IRUGO for a parameter that can be read by the world but cannot be changed;
S_IRUGO|S_IWUSR allows root to change the parameter. Note that if a parameter is changed by sysfs, the value of that parameter as seen by your module changes, but your module is not notified in any other way. You should probably not make module parameters writable, unless you are prepared to detect the change and react accordingly.
The only use of a parameter with perm = 0 will have is that you can set it at module load time, and that's it.
You need to explicitly specify the permissions for every variable if you want to override the default permissions which is 0 I think.
I've registered a record using the Bonjour API. Now I want to know the contents of the record I just published. I created it by specifying a NULL hostname, meaning, "use the daemon's default", but I can't find a simple way to query what that is!
With avahi, it's easy: I call avahi_client_get_host_name() to get the starting value of the machine's hostname.
For both avahi and Bonjour, the value of the SRV record can change during the lifetime of the registration - if the registration was done with a NULL hostname, the record's hostname is updated automatically when necessary. All I want here is a way to get the initial value of the hostname, at the time when I perform the registration.
Note that on my Snow Leopard test machine, the default multicast hostname is not the same as the machine's name from gethostname(2).
Four solutions I can think of:
Grab hostname in my process. It may be in there somewhere. I did a strings(3) search on a memory dump of my process, and found four instances of the multicast hostname in my address space, but that could be coincidence given the name is used for other things. Even if the string I'm after is in my process somewhere, I can't find an API to retrieve it sanely.
Query the hostname from the daemon. There may be some query I can send over the mach port to the daemon that fetches it? I can't find an API again. The relevant chunk of code is in the uDNS.c file in mDNSResponder, and doesn't seem to be exposed via the RPC interface.
I could just lookup the service I registered. This may involve a bit of network traffic though, so unless there's some guarantee that won't happen, I'm loathe to do it.
Re-implement the logic in uDNS.c. It grabs the machine's hostname from a combination of:
Dynamic DNS configuration
Statically configured multicast hostname
Reverse lookup of the primary interface's IPv4 address
It specifically doesn't use gethostname(2) or equivalent
Re-implementing that logic seems infeasible.
At the moment, I'm tending towards doing a lookup to grab the value of the initial SRV registration, but it doesn't seem ideal. What's the correct solution?
I needed to do exactly this. You want to use the ConvertDomainNameToCString macro (included in mDNSEmbeddedAPI.h), and you need access to the core mDNS structure.
Here's how you get the exact Bonjour/Zeroconf hostname that was registered:
char szHostname[512];
extern mDNS m;
ConvertDomainNameToCString(&m.MulticastHostname, szHostname);
I hope this helps you.
For the record, I went with (4), grabbing the machine's configuration to pull together the hostname the daemon is using without having to query it.
static char* getBonjourDefaultHost()
{
char* rv = 0;
#ifdef __APPLE__
CFStringRef name = SCDynamicStoreCopyLocalHostName(NULL);
if (name) {
int len = CFStringGetLength(name);
rv = new char[len*4+1];
CFStringGetCString(name, rv, len*4+1, kCFStringEncodingUTF8);
CFRelease(name);
}
// This fallback is completely incorrect, but why should we care...
// Mac does something crazy like <sysctl hw.model>-<MAC address>.
if (!rv)
rv = GetHostname(); // using gethostname(2)
#elif defined(WIN32)
CHAR tmp[256+1];
ULONG namelength = sizeof(tmp);
DynamicFn<BOOL (WINAPI*)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD)>
GetComputerNameExA_("Kernel32", "GetComputerNameExA");
if (!GetComputerNameExA_.isValid() ||
!(*GetComputerNameExA_)(ComputerNamePhysicalDnsHostname, tmp, &namelength))
tmp[0] = 0;
// Roughly correct; there's some obscure string cleaning mDNSResponder does
// to tidy up funny international strings.
rv = tmp[0] ? strdup(tmp) : strdup("My Computer");
#elif defined(__sun)
// This is exactly correct! What a relief.
rv = GetHostName();
#else
#error Must add platform mDNS daemon scheme
#endif
return rv;
}
From the command line one can obtain the local (Bonjour) hostname using the scutil command:
scutil --get LocalHostName
Programmatically this is obtainable using the kSCPropNetLocalHostName key via the SystemConfiguration Framework.
I know this is already answered, but I went looking to see how to do it with the SystemConfiguration framework based on what Pierz said in the second half of his answer.
This is what I got working, figured it might save someone else googling this some time:
In Swift:
import SystemConfiguration
let store = SCDynamicStoreCreate(nil, "ipmenu" as CFString, nil, nil )
if let hostNames = SCDynamicStoreCopyValue(store, "Setup:/Network/HostNames" as CFString){
if let hostName:String = (hostNames[kSCPropNetLocalHostName]) as? String {
print("Host name:\(hostName)")
}
}
Using Apache Thrift and generating code in Java, I'm trying to figure if there is a way to have one of the enumerations be returned as default.
For e.g using the following definition:
enum STATE {
UNKNOWN,
AVAILABLE,
UNAVAILABLE
}
I want UNKNOWN to be returned as the default and not a NULL value so that additions to the enum do not affect existing clients.
Is it possible to do that? What are the other options available in this case?
I'm not sure about the part "returned as default" since there is no such thing as a default return value. What may solve your issue could be sth. like:
struct ReturnedValues
{
1: STATE state = UNKNOWN
}
Otherwise you should explain your case.
I'm using authopen inside one of my programs to modify files owned by root. As can be seen in the screenshot below authopen asks for a admin password. What I'd like to achieve is that the dialog shows my app's name and then passes the authorization to authopen.
Code
Launching authopen which returns an authorized file descriptor.
int pipe[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, pipe);
if (fork() == 0) { // child
// close parent's pipe
close(pipe[0]);
dup2(pipe[1], STDOUT_FILENO);
const char *authopenPath = "/usr/libexec/authopen";
execl(authopenPath,
authopenPath,
"-stdoutpipe",
[self.device.devicePath fileSystemRepresentation],
NULL);
NSLog(#"Fatal error, we should never reach %s:%d", __FILE__, __LINE__);
exit(-1);
} else { // parent
close(pipe[1]);
}
// get file descriptor through sockets
I'd really like not to use AuthorizationExecuteWithPrivileges because then I'd have to get more rights than I want to.
Apple has added an option to authopen in OS X 10.9 Mavericks that allows exactly this. Prior this seemed to be impossible.
-extauth
specifies that authopen should read one AuthorizationExternalForm structure from stdin,
convert it to an AuthorizationRef, and attempt to use it to authorize the open(2)
operation.
The authorization should refer to the sys.openfile right corresponding to the requested operation.
The authorization data will be read before any additional data supplied on stdin, and will
not be included in data written with -w.
I have not used this yet, so I do not have any sample code. If someone has, please add it to this answer.
I think if you give your app path in the 1st arg:
execl(authopenPath,
"app path", // <--
"-stdoutpipe",
[self.device.devicePath fileSystemRepresentation],
NULL);
the dialog will show:
"app namerequires that you type your password"
You need to be looking directly at the security framework, introduced in 10.4, I think, and been the main authorization source since 10.5. OSX still works within PAM (like Linux), but /etc/authorization now supersedes this. Apple does have one or two samples of code on how you could pragmatically create a class/entry for someone to authorize themselves against (or preauthorize/be preauthorized like folks who are allowed to print).
This question is old but it seems to be possible, as explained in this technical note :
Technical Note TN2095 : Authorization for Everyone
http://developer.apple.com/library/mac/#technotes/tn2095/_index.html