ID | Category | Severity | Type | Date Submitted | Last Update
0001622 | [Issue 8 drafts] System Interfaces | Editorial | Enhancement Request | 2022-12-04 04:55 | 2022-12-04 04:55

Reporter | illiliti
View Status | public
Assigned To |
Priority | normal
Resolution | Open
Status | New
Product Version | Draft 2.1
Name | Mark Lundblad
Organization |
User Reference |
Section | System Interfaces
Page Number | -
Line Number | -
Final Accepted Text |
Summary | 0001622: Standardize getpeereid function

Description

This function provides a mechanism to get the credentials of a peer that created/initialized a unix socket. Such a mechanism is useful for AF_UNIX servers and clients that need a reliable way to know each other's credentials to implement e.g. accounting or authorization. See also: https://cr.yp.to/docs/secureipc.html

It is quite portable and already implemented at least in QNX, AIX, FreeBSD, NetBSD, OpenBSD, Cygwin. Linux and Illumos/Solaris provide similar interfaces, though they don't look suitable for inclusion. Linux SO_PEERCRED is incompatible with OpenBSD due to a different structure name, whereas Illumos/Solaris getpeerucred() is just terrible; it allocates memory and requires a dedicated function to free it.

I also evaluated LOCAL_PEERCRED from FreeBSD and LOCAL_PEEREID from NetBSD that are used there to power getpeereid(). LOCAL_PEERCRED uses a structure which has a platform-specific type in it, so I immediately rejected it. As for LOCAL_PEEREID, it looks fine, but I am afraid that if we are going to standardize it, it'll cause friction in systems that already provide a similar (and potentially incompatible) interface in getsockopt(). Therefore let's just add getpeereid.

Desired Action

Standardize getpeereid function. The following man page is a splice of OpenBSD and NetBSD man pages with some modifications to take other systems into account.

NAME
    getpeereid - get effective user and group identification of locally-connected peer

SYNOPSIS
    #include <sys/types.h>
    #include <sys/socket.h>

    int getpeereid(int socket, uid_t *uid, gid_t *gid);

DESCRIPTION
    getpeereid() returns the effective user and group IDs of the peer connected to a socket in the UNIX domain. If argument uid or gid is NULL, the behavior is unspecified.

    The argument socket shall be an AF_UNIX socket of type SOCK_STREAM or SOCK_SEQPACKET on which either connect(2) has been called, or one returned from accept(2) after bind(2) and listen(2) have been called, or one returned from socketpair(2).

    The credentials returned to the accept(2) caller are those of its peer at the time it called connect(2). The credentials returned to the connect(2) caller are those of its peer at the time it called bind(2) and listen(2). In the case of socketpair(), the returned credentials are those that were at the time of the call to it.

RETURN VALUES
    If the call succeeds, a value of 0 is returned and uid and gid are set to the effective user ID and group ID of the connected peer. Otherwise, errno is set and a value of -1 is returned.

ERRORS
    On failure, errno is set to one of the following:

    [EBADF]       The argument socket is not a valid descriptor.
    [ENOTSOCK]    The argument socket is a file, not a socket.
    [ENOTCONN]    The socket is not connected.
    [EOPNOTSUPP]  The socket is not in the UNIX-domain.
    [EINVAL]      The argument socket does not refer to a socket of type SOCK_STREAM or SOCK_SEQPACKET, or the system returned invalid data.

Tags | No tags attached.
Attached Files |

There are no notes attached to this issue.