Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getCredentials should be supported on more platforms #36

Open
felfert opened this issue Nov 4, 2016 · 0 comments
Open

getCredentials should be supported on more platforms #36

felfert opened this issue Nov 4, 2016 · 0 comments

Comments

@felfert
Copy link
Contributor

felfert commented Nov 4, 2016
edited
Loading

I just stumbled over this while working on refactoring:

Fetching peer credentials is currently supported on Linux only. This can be improved.

  • On OpenBSD, there is SO_PEERCRED in sys/socket.h as well as a corresponding struct:
#define SO_PEERCRED     0x1022          /* get connect-time credentials */
/* Read using getsockopt() with SOL_SOCKET, SO_PEERCRED */
struct sockpeercred {
        uid_t           uid;            /* effective user id */
        gid_t           gid;            /* effective group id */
        pid_t           pid;
};
  • On OSX and FreeBSD, there is LOCAL_PEERCRED which does something similar. Excerpt from unix(7):
LOCAL_PEERCRED      Requested via getsockopt(2) on a SOCK_STREAM socket
                         returns credentials of the remote side.  These will
                         arrive in the form of a filled in xucred structure,
                         defined in <sys/ucred.h> as follows:

                         struct xucred {
                           u_int cr_version;             /* structure layout version */
                           uid_t cr_uid;                 /* effective user id */
                           short cr_ngroups;             /* number of groups */
                           gid_t cr_groups[XU_NGROUPS];  /* groups */
                         };
                         The cr_version fields should be checked against
                         XUCRED_VERSION define.

                         The credentials presented to the server (the
                         listen(2) caller) are those of the client when it
                         called connect(2); the credentials presented to the
                         client (the connect(2) caller) are those of the
                         server when it called listen(2).  This mechanism is
                         reliable; there is no way for either party to
                         influence the credentials presented to its peer
                         except by calling the appropriate system call (e.g.,
                         connect(2) or listen(2)) under different effective
                         credentials.

On all the above platforms, those are restricted to SOCK_STREAM type AF_UNIX sockets.
felfert added a commit to marcuslinke/jnr-unixsocket that referenced this issue Nov 4, 2016
@felfert
Skip Credentials related tests on non-Linux platforms. See jnr#36
2462b00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@felfert