View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001622 | Issue 8 drafts | System Interfaces | public | 2022-12-04 04:55 | 2022-12-04 04:55 |
| Reporter | illiliti | Assigned To | |||
| Priority | normal | Severity | Editorial | Type | Enhancement Request |
| Status | New | Resolution | Open | ||
| Product Version | Draft 2.1 | ||||
| Name | Mark Lundblad | ||||
| Organization | |||||
| User Reference | |||||
| Section | System Interfaces | ||||
| Page Number | - | ||||
| Line Number | - | ||||
| Final Accepted Text | |||||
| Summary | 0001622: Standardize getpeereid function | ||||
| Description | This function provides a mechanism to get credentials of a peer that created/initialized unix socket. Such mechanism is useful for AF_UNIX servers and clients that need a reliable way to know each other's credentials to implement e.g. accounting or authorization. See also: https://cr.yp.to/docs/secureipc.html It is quite portable and already implemented at least in QNX, AIX, FreeBSD, NetBSD, OpenBSD, Cygwin. Linux and Illumos/Solaris provide similar interfaces, though they don't look suitable for inclusion. Linux SO_PEERCRED is incompatible with OpenBSD due to a different structure name, whereas Illumos/Solaris getpeerucred() is just terrible; it allocates memory and requires a dedicated function to free it. I also evaluated LOCAL_PEERCRED from FreeBSD and LOCAL_PEEREID from NetBSD that are used there to power getpeereid(). LOCAL_PEERCRED uses structure which has platform-specific type in it, so I immidiately rejected it. As of LOCAL_PEEREID, it looks fine, but I afraid if we going to standardize it, it'll cause friction in systems that already provide similar(and potentially incompatible)interface in getsockopt(). Therefore let's just add getpeereid. | ||||
| Desired Action | Standardize getpeereid function. The following man page is a splice of OpenBSD and NetBSD man pages with some modifications to take into the account other systems. NAME getpeereid - get effective user and group identification of locally- connected peer SYNOPSIS #include <sys/types.h> #include <sys/socket.h> int getpeereid(int socket, uid_t *uid, gid_t *gid); DESCRIPTION getpeereid() returns the effective user and group IDs of the peer connected to a socket in the UNIX domain. If argument uid or gid is NULL, the behavior is unspecified. The argument socket shall be AF_UNIX socket of type SOCK_STREAM or SOCK_SEQPACKET on which either connect(2) has been called, or one returned from accept(2) after bind(2) and listen(2) have been called, or one returned from socketpair(2). The credentials returned to the accept(2) caller are those of its peer at the time it called connect(2). The credentials returned to the connect(2) caller are those of its peer at the time it called bind(2) and listen(2). In the case of socketpair(), the returned credentials are those that were at the time of the call to it. RETURN VALUES If the call succeeds, a value of 0 is returned and uid and gid are set to the effective user ID and group ID of the connected peer. Otherwise, errno is set and a value of -1 is returned. ERRORS On failure, errno is set to one of the following: [EBADF] The argument socket is not a valid descriptor. [ENOTSOCK] The argument socket is a file, not a socket. [ENOTCONN] The socket is not connected. [EOPNOTSUPP] The socket is not in the UNIX-domain. [EINVAL] The argument socket does not refer to a socket of type SOCK_STREAM or SOCK_SEQPACKET, or the system returned invalid data. | ||||
| Tags | No tags attached. | ||||
