Authenticating Unix Domain sockets.
Viktor Dukhovni
viktor at shearson.com
Thu Jan 31 08:32:27 AEST 1991
lwall at jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:
>In article <1991Jan29.063539.2169 at objy.com> peter at objy.com writes:
>: What I would like is a guaranteed way of finding out the uid of a process
>: that just connected to me using local (same machine) IPC.
>What do you mean by "the" uid? Given that the other end of a socket may
>be open multiple times by multiple processes, there's no guarantee of
>uniqueness.
Actually this is wrong! With a SOCK_STREAM socket,
or using the "fromaddr" argument of recvfrom(), the peer address
can be examined using getpeername or directly, respectively.
Since UNIX sockets must be bound explicitly, and must not
exist prior to creation, the effective user id of the remote process
is the same as the owner of the remote socket in the file space.
Just
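    #include <sys/types.h>
    #include <sys/socket.h>
    #include <sys/stat.h>
    #include <sys/un.h>
    #include <stdlib.h>
    #include <strings.h>

    struct sockaddr_un fromaddr;
    struct stat st;
    socklen_t len = sizeof(fromaddr);
    uid_t uid;

    bzero(&fromaddr, len);
    /* s is the connected socket; fetch the address the peer bound to */
    if (getpeername(s, (struct sockaddr *)&fromaddr, &len) < 0)
        exit(1);
    if ( ((struct sockaddr *)&fromaddr)->sa_family != AF_UNIX ) {
        /* Bitch about impossible connection */
        exit(1);
    }
    /* The owner of the peer's socket file is taken as the peer's uid */
    if (stat(fromaddr.sun_path, &st) < 0)
        exit(1);
    uid = st.st_uid;
    ...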
Works for me. Your mileage may vary.
--
Viktor Dukhovni <viktor at shearson.com> : ARPA
<...!uunet!shearson.com!viktor> : UUCP
388 Greenwich St., 11th floor, NY, NY 10013 : US-Post