Date: Wed, 6 Feb 2008 10:54:50 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: "Zane C.B." <v.velox@vvelox.net>
Cc: freebsd security <freebsd-security@freebsd.org>, Fernando Schapachnik <fschapachnik@mecon.gov.ar>
Subject: Re: LOCAL_CREDS and unix domain sockets
Message-ID: <20080206105127.V33144@fledge.watson.org>
In-Reply-To: <20080205143119.067bd619@vixen42>
References: <20080205083417.3f3a4a3b@vixen42> <20080205152110.GE1123@bal740r0.mecon.gov.ar> <20080205143119.067bd619@vixen42>

On Tue, 5 Feb 2008, Zane C.B. wrote:

> On Tue, 5 Feb 2008 13:21:10 -0200 Fernando Schapachnik
> <fschapachnik@mecon.gov.ar> wrote:
>
>> In a previous message, Zane C.B. wrote:
>>> With unix domain sockets, unix(4), are LOCAL_CREDS actually supported or
>>> not?
>>>
>>> I've been trying to fetch this from within a Perl script using 'my
>>> $local_creds=$some_connection->sockopt(LOCAL_CREDS)', but all I keep
>>> getting is an undefined variable in return, as if fetching it is not
>>> supported.
>>
>> Maybe LOCAL_CREDS is not defined. Maybe LOCAL_CREDS() (perl notation for
>> constants) works?
>
> Hmm, that turns out to be the point. I've checked and it is not in
> '/usr/local/lib/perl5/5.8.8/mach/Socket.pm'.
>
> I think my understanding when I originally posted the email was wrong as
> well. I need to set the socket option LOCAL_CREDS and fetch them using
> recvmsg.
>
> Can someone please verify my understanding of this is right?

Yes, that's correct -- you use setsockopt() to request that an SCM_CREDS control message be attached to either every message coming in on the socket (SOCK_DGRAM) or the first message arriving on accepted sockets (listen SOCK_STREAM). You can then use recvmsg to get the credential information.

Alternatively, LOCAL_PEERCRED allows you to query the credential at any time using a socket option for a stream socket (keep in mind that the credential is cached when the connection is made, and might not reflect the credential of a process sending on the socket if it's been inherited/passed).

Robert N M Watson
Computer Laboratory
University of Cambridge

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080206105127.V33144>
