Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0001622 [Issue 8 drafts] System Interfaces Editorial Enhancement Request 2022-12-04 04:55 2022-12-04 04:55
Reporter illiliti View Status public  
Assigned To
Priority normal Resolution Open  
Status New   Product Version Draft 2.1
Name Mark Lundblad
Organization
User Reference
Section System Interfaces
Page Number -
Line Number -
Final Accepted Text
Summary 0001622: Standardize getpeereid function
Description This function provides a mechanism to get credentials of a peer that
created/initialized unix socket. Such mechanism is useful for AF_UNIX servers
and clients that need a reliable way to know each other's credentials to
implement e.g. accounting or authorization. See also: https://cr.yp.to/docs/secureipc.html [^]

It is quite portable and already implemented at least in QNX, AIX, FreeBSD,
NetBSD, OpenBSD, Cygwin. Linux and Illumos/Solaris provide similar interfaces,
though they don't look suitable for inclusion. Linux SO_PEERCRED is incompatible
with OpenBSD due to a different structure name, whereas Illumos/Solaris
getpeerucred() is just terrible; it allocates memory and requires a dedicated
function to free it.

I also evaluated LOCAL_PEERCRED from FreeBSD and LOCAL_PEEREID from NetBSD that
are used there to power getpeereid(). LOCAL_PEERCRED uses structure which has
platform-specific type in it, so I immidiately rejected it. As of LOCAL_PEEREID,
it looks fine, but I afraid if we going to standardize it, it'll cause friction
in systems that already provide similar(and potentially incompatible)interface in
getsockopt(). Therefore let's just add getpeereid.
Desired Action Standardize getpeereid function. The following man page is a splice of OpenBSD
and NetBSD man pages with some modifications to take into the account other
systems.


NAME

getpeereid - get effective user and group identification of locally-
connected peer

SYNOPSIS

#include <sys/types.h>
#include <sys/socket.h>

int getpeereid(int socket, uid_t *uid, gid_t *gid);

DESCRIPTION

getpeereid() returns the effective user and group IDs of the peer connected
to a socket in the UNIX domain. If argument uid or gid is NULL, the behavior
is unspecified.

The argument socket shall be AF_UNIX socket of type SOCK_STREAM or
SOCK_SEQPACKET on which either connect(2) has been called, or one returned
from accept(2) after bind(2) and listen(2) have been called, or one returned
from socketpair(2).

The credentials returned to the accept(2) caller are those of its peer at
the time it called connect(2). The credentials returned to the connect(2)
caller are those of its peer at the time it called bind(2) and listen(2).
In the case of socketpair(), the returned credentials are those that were
at the time of the call to it.

RETURN VALUES

If the call succeeds, a value of 0 is returned and uid and gid are set to the
effective user ID and group ID of the connected peer. Otherwise, errno is set
and a value of -1 is returned.

ERRORS

On failure, errno is set to one of the following:

[EBADF] The argument socket is not a valid descriptor.

[ENOTSOCK] The argument socket is a file, not a socket.

[ENOTCONN] The socket is not connected.

[EOPNOTSUPP] The socket is not in the UNIX-domain.

[EINVAL] The argument socket does not refer to a socket of type SOCK_STREAM
         or SOCK_SEQPACKET, or the system returned invalid data.
Tags No tags attached.
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2022-12-04 04:55 illiliti New Issue
2022-12-04 04:55 illiliti Name => Mark Lundblad
2022-12-04 04:55 illiliti Section => System Interfaces
2022-12-04 04:55 illiliti Page Number => -
2022-12-04 04:55 illiliti Line Number => -


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker