在windows上，是否可以像一个不同的用户一样运行一个goroutine？ [英] On windows, is it possible to run a single goroutine as a different user?

问题描述

你如何将goroutine的运行委托给Windows上的另一个非管理员帐户？我发现您可以使用<$ c在 Linux 上执行此操作$ C> syscall.Setuid（）。我无法看到如何使用Windows系统调用包在Windows上执行此操作。我希望能够在程序运行时设置goroutine运行的帐户。这是可能的吗？

背景位置：我想切换运行goroutine的用户，以便更改传递给Oracle在数据库连接期间使用go-oci8时（请参阅我的其他问题）。我需要连接到数据库，并使用登录用户（OS用户）作为安全性的一部分。在java中，我可以在连接建立期间更改环境变量（或者如果仅为单个用户连接，则可以轻弹用户名环境变量）。

我有用户数据库用户名（这与操作系统用户名相匹配），我得到数据库用户密码。我没有用户的Windows登录密码。我希望能够以与我以突出显示的Linux端口绑定示例相似的方式将运行goroutine委托给作为管理员运行的主要go程序所需的windows用户。将Oracle登录更改为不使用操作系统用户不是一种选择，因此如果我无法解决问题，它将返回到Java :-(。

解决方案

理论上，不可能，因为在Linux和Windows上，用户身份的概念只存在于操作系统级别的线程，并且goroutine不是操作系统线程，相反，它们是非常轻量级的实体，通过Go调度器（Go运行时内置于可执行文件中的一部分）映射到实际的OS线程，并且在其生命周期中，goroutine可能会在不同时间在不同的OS线程上执行。

但是，您的情况最初设计用于帮助调用 C 代码中存在某种退出舱口：< a href =http://golang.org/pkg/runtime/#LockOSThread =nofollow> runtime.LockOSThread（） 。 goroutine调用这个函数，它被卡住在当前正在运行的线程上，不会安排在anot上调用她直到goroutine退出或调用 runtime.UnlockOSThread（）。

你可以像这样使用它：

  go func（）{
 runtime.LockOSThread（）
 defer runtime.UnlockOSThread（）
 impersonate（）//获取并假设一些其他凭证
 ... 
 
 code $ $ b $ p 
 
 
假想的 impersonate（）函数的实现超出了这个问题的范围;您可以使用 syscall 包来调用任何Win32 API函数，请参阅标准的Go库以获取示例。
 
 
 
 
 
 
请注意，在现实世界中调用 runtime.LockOSThread（）时，将整个操作系统线程专用于一个goroutine（通常它们中的很大一部分只运行在一个版本上），所以如果你计划产生很多锁定到操作系统线程的goroutine，准备好处理增加的操作系统资源使用情况。
 
 
 <更新：在Windows XP专业版SP3 32上测试过的一个工作示例使用Go 1.2.1 / i386。
 
 
 
它对由密码foo标识的用户foo进行硬编码。要在Windows上快速创建用户，请执行 
 
 
  net user foo * / ADD 
  
 
 
 
并在系统提示时输入密码两次。
 
How do you delegate the running of a goroutine to another non administrator account on windows? I see you can do this on Linux using syscall.Setuid(). I can't see how to do this on Windows using the windows syscall package. I'd like to be able to set the account the goroutine runs under while the program is running. Is this possible?

Bit of background :- I want to switch the user that runs the goroutine so I can change the OS User passed to Oracle during the database connection when I use go-oci8 (See my other question). I need to connect to the database and it uses the logged in user (OS User) as part of the security. In java I can change the environment variable during connection set up (or flick the username environmental variable if only connecting for a single user). 

I have the users database username (this matches the OS user name) and I get the database user password. I don't have the users windows login password. I was hoping to be able to delegate running a goroutine to the required windows user from the main go program running as admin in a similar way to Linux port binding example I highlighted. Changing the Oracle login to not use OS User is not an option so it will be back to Java if I can't work it out :-( .   
解决方案
In theory, no, it is not possible because both on Linux and Windows the concept of user's identity only exists for OS-level threads and goroutines are not OS threads—instead, they are very light-weight entities which are mapped to real OS threads by the Go scheduler (a part of the Go runtime built into your executable), and during its lifetime a goroutine might be executed on different OS threads at different times.

But there exist a sort of an "exit hatch" for your situation originally designed to help calling into C code: runtime.LockOSThread(). Once a goroutine calls this function it's stuck to the thread it's currently running on and won't be scheduled to be called on another no matter what until the goroutine exits or calls runtime.UnlockOSThread().

You might use this like this:
go func() {
  runtime.LockOSThread()
  defer runtime.UnlockOSThread()
  impersonate() // acquires and assumes some other credentials
  ...
}
The implementation of that imaginary impersonate() function is out of the scope of this question; you can call any Win32 API function using the syscall package—see the standard Go library for examples.



Note that calling runtime.LockOSThread() in real-world scenarious results in dedicating a whole OS thread to just a single goroutine (while usually a whole lot of them runs on just a single one) so if you plan to spawn a lot of such goroutines locked to OS threads be prepared to deal with increased OS resource usage.

Update: a working example tested on Windows XP Pro SP3 32-bit with Go 1.2.1/i386.

It hard codes the user "foo" identified by the password "foo".  To quickly create a user on Windows, do
net user foo * /ADD
and type its password twice when prompted.

                        
这篇关于在windows上，是否可以像一个不同的用户一样运行一个goroutine？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！