author | dd <dd@FreeBSD.org> | 2001-08-17 22:01:18 +0000 |
---|---|---|
committer | dd <dd@FreeBSD.org> | 2001-08-17 22:01:18 +0000 |
commit | 5e416567e18401664948a984b8208f0d39a1f0fd (patch) | |
tree | a9fd833a0d5be8077a8bafc85a497fe0bae21cfa /share/man/man4/unix.4 | |
parent | 90eec3a264887cf9fc47c0654b2012231223b681 (diff) | |
Implement a LOCAL_PEERCRED socket option which returns a
`struct xucred` with the credentials of the connected peer.
Obviously this only works (and makes sense) on SOCK_STREAM
sockets. This works for both the connect(2) and listen(2)
callers.
There is precise documentation of the semantics in unix(4).
Reviewed by: dwmalone (eyeballed)
Diffstat (limited to 'share/man/man4/unix.4')
-rw-r--r-- | share/man/man4/unix.4 | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/share/man/man4/unix.4 b/share/man/man4/unix.4 index 7356edb..53535b6 100644 --- a/share/man/man4/unix.4 +++ b/share/man/man4/unix.4 @@ -32,7 +32,7 @@ .\" @(#)unix.4 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd June 9, 1993 +.Dd July 15, 2001 .Dt UNIX 4 .Os .Sh NAME @@ -147,6 +147,35 @@ passed to a receiver. Descriptors that are awaiting delivery, or that are purposely not received, are automatically closed by the system when the destination socket is closed. +.Pp +The effective credentials (i.e., the user ID and group list) the of a +peer on a +.Dv SOCK_STREAM +socket may be obtained using the +.Dv LOCAL_PEERCRED +socket option. +This may be used by a server to obtain and verify the credentials of +its client, and vice versa by the client to verify the credentials +of the server. +These will arrive in the form of a filled in +.Ar struct xucred +(defined in +.Pa sys/ucred.h ) . +The credentials presented to the server (the +.Xr listen 2 +caller) are those of the client when it called +.Xr connect 2 ; +the credentials presented to the client (the +.Xr connect 2 +caller) are those of the server when it called +.Xr listen 2 . +This mechanism is reliable; there is no way for either party to influence +the credentials presented to its peer except by calling the appropriate +system call (e.g., +.Xr connect 2 +or +.Xr listen 2 ) +under different effective credentials. .Sh SEE ALSO .Xr socket 2 , .Xr intro 4 |
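Review bot: In the second hunk (@@ -147,6 +147,35 @@), the first added sentence has a stray word: "(i.e., the user ID and group list) the of a peer" should read "(i.e., the user ID and group list) of a peer". The paragraph also does not say which level to pass to getsockopt(2) with LOCAL_PEERCRED, or what error a caller gets on a socket that is not connected or is not SOCK_STREAM. A server that makes an authorization decision from this option needs to know how failure is reported, so one sentence on each would be worth adding. Minor markup point: `.Ar struct xucred` marks a type as a command argument; `.Vt struct xucred` is the mdoc macro for a type name.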