2008-10-05 22:01:35

by John Kelly

Subject: User credentials on a unix datagram socket

The socket(7) man page seems to imply that user credentials cannot be
sent on a unix datagram socket, unless socketpair() created it.

> SO_PEERCRED
> Return the credentials of the foreign process connected to this socket.
> This is only possible for connected AF_UNIX stream sockets and AF_UNIX
> stream and datagram socket pairs created using socketpair(2);


But through trial and error, without reading any kernel source, I
learned that you can send user credentials on a regular unix datagram
socket which was not created with socketpair().

I'm unsure what SO_PEERCRED is intended for; I used SO_PASSCRED in my
server code, and it works. I'm glad it does. Stream sockets would
require a file descriptor for each client. Ugh. What I want to do is
so much simpler with datagram sockets.

I have sample code at ftp://ftp.isp2dial.com/users/jak/src/test/uxdg/

I hope someone will revise the man page and explain that you can pass
user credentials on a unix datagram socket, even one not created with
socketpair().

This is a very useful feature. Please keep it in the kernel!


--
Webmail for Dialup Users
http://www.isp2dial.com/freeaccounts.html


2008-10-07 00:04:54

by John Kelly

Subject: Re: User credentials on a unix datagram socket

On Sun, 05 Oct 2008 21:41:22 +0000, John Kelly <[email protected]>
wrote:

>The socket(7) man page seems to imply that user credentials cannot be
>sent on a unix datagram socket, unless socketpair() created it.

>> SO_PEERCRED
>> Return the credentials of the foreign process connected to this socket.
>> This is only possible for connected AF_UNIX stream sockets and AF_UNIX
>> stream and datagram socket pairs created using socketpair(2);

>But through trial and error, without reading any kernel source, I
>learned that you can send user credentials on a regular unix datagram
>socket which was not created with socketpair().

>I'm unsure what SO_PEERCRED is intended for; I used SO_PASSCRED in my
>server code, and it works.

Maybe I'm the only one on the planet interested in this subject, but
for posterity ... after browsing net/unix/af_unix.c, I see ...

Using SO_PEERCRED with getsockopt(2) reads an sk_peercred struct. It
seems this data is available in the kernel, without the client sending
credentials as ancillary data. In af_unix.c, unix_stream_connect and
unix_socketpair set this structure, but unix_dgram_connect does not.

So apparently, the socket(7) man page is accurate. However, it could
mislead one towards a wrong conclusion ...

As I learned by trial and error, you CAN get user credentials on a
regular datagram socket by using SO_PASSCRED, you just have to do it
the hard way, with the client explicitly sending his credentials as
ancillary data.

Works for me ....


--
Webmail for Dialup Users
http://www.isp2dial.com/freeaccounts.html
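
The approach described in the messages above, as an added example (it is not part of the original posts and is not the sample code at the FTP link): a bound, unconnected AF_UNIX datagram socket enables SO_PASSCRED, and the client sends its credentials explicitly as SCM_CREDENTIALS ancillary data. The function name `passcred_demo` and the abstract socket name are assumptions made for this illustration.

```c
#define _GNU_SOURCE   /* glibc: exposes struct ucred and SCM_CREDENTIALS */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#ifndef SCM_CREDENTIALS   /* fallback if _GNU_SOURCE came too late to apply */
#define SCM_CREDENTIALS 0x02
struct ucred { pid_t pid; uid_t uid; gid_t gid; };
#endif

/* Server and client in one process. Returns 0 and fills *out with the
 * credentials the server received, or -1 on any failure. */
int passcred_demo(struct ucred *out)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } ctl;
    char byte = 'x';
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_name = &addr, .msg_namelen = sizeof addr,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct ucred mine = { .pid = getpid(), .uid = getuid(), .gid = getgid() };
    struct cmsghdr *c;
    int on = 1, rc = -1;
    int srv = socket(AF_UNIX, SOCK_DGRAM, 0), cli = socket(AF_UNIX, SOCK_DGRAM, 0);
    /* Constructed abstract-namespace name: sun_path[0] stays '\0'. */
    snprintf(addr.sun_path + 1, sizeof addr.sun_path - 1, "uxdg-demo-%d", (int)getpid());
    if (srv < 0 || cli < 0 || bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        setsockopt(srv, SOL_SOCKET, SO_PASSCRED, &on, sizeof on) < 0)
        goto done;
    /* Client: the kernel checks these values; an unprivileged sender may
     * name only its own pid and its real, effective or saved uid/gid. */
    memset(&ctl, 0, sizeof ctl);
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof mine);
    memcpy(CMSG_DATA(c), &mine, sizeof mine);
    if (sendmsg(cli, &msg, 0) != 1) goto done;
    /* Server: one socket serves every client; credentials arrive per datagram. */
    msg.msg_name = NULL; msg.msg_namelen = 0; msg.msg_controllen = sizeof ctl.buf;
    if (recvmsg(srv, &msg, 0) != 1) goto done;
    for (c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(out, CMSG_DATA(c), sizeof *out); rc = 0; }
done:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return rc;
}
```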