1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/*
getpeercred.c - function for determining information about the
other end of a unix socket
This file is part of the nss-pam-ldapd library.
Copyright (C) 2008 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#include "config.h"
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#ifdef HAVE_SYS_UCRED_H
#include <sys/ucred.h>
#endif /* HAVE SYS_UCRED_H */
#include <errno.h>
#ifdef HAVE_UCRED_H
#include <ucred.h>
#endif /* HAVE_UCRED_H */
#include "getpeercred.h"
/* Note: most of this code is untested, except for the first
implementation (it may even fail to compile) */
int getpeercred(int sock,uid_t *uid,gid_t *gid,pid_t *pid)
{
#if defined(SO_PEERCRED)
socklen_t l;
struct ucred cred;
/* initialize client information (in case getsockopt() breaks) */
cred.pid=(pid_t)0;
cred.uid=(uid_t)-1;
cred.gid=(gid_t)-1;
/* look up process information from peer */
l=(socklen_t)sizeof(struct ucred);
if (getsockopt(sock,SOL_SOCKET,SO_PEERCRED,&cred,&l) < 0)
return -1; /* errno already set */
/* return the data */
if (uid!=NULL) *uid=cred.uid;
if (gid!=NULL) *gid=cred.gid;
if (pid!=NULL) *pid=cred.pid;
return 0;
#elif defined(LOCAL_PEERCRED)
socklen_t l;
struct xucred cred;
/* look up process information from peer */
l=(socklen_t)sizeof(struct xucred);
if (getsockopt(sock,0,LOCAL_PEERCRED,&cred,&l) < 0)
return -1; /* errno already set */
if (cred.cr_version!=XUCRED_VERSION)
{
errno=EINVAL;
return -1;
}
/* return the data */
if (uid!=NULL) *uid=cred.cr_uid;
if (gid!=NULL) *gid=cred.cr_gid;
if (pid!=NULL) *pid=(pid_t)-1;
return 0;
#elif defined(HAVE_GETPEERUCRED)
ucred_t *cred=NULL;
if (getpeerucred(sock,&cred))
return -1;
/* save the data */
if (uid!=NULL) *uid=ucred_geteuid(cred);
if (gid!=NULL) *gid=ucred_getegid(cred);
if (pid!=NULL) *pid=ucred_getpid(cred);
/* free cred and return */
ucred_free(cred);
return 0;
#elif defined(HAVE_GETPEEREID)
uid_t tuid;
gid_t tgid;
if (uid==NULL) uid=&tuid;
if (gid==NULL) gid=&tguid;
if (getpeereid(sock,uid,gid))
return -1;
/* return the data */
if (uid!=NULL) *uid=cred.uid;
if (gid!=NULL) *gid=cred.gid;
if (pid!=NULL) *pid=-1; /* we return a -1 pid because we have no usable pid */
return 0;
#else
/* nothing found that is supported */
errno=ENOSYS;
return -1;
#endif
}
|