-rw-r--r-- | include/unistd.h | 1 | ||||
-rw-r--r-- | lib/libc/gen/Makefile.inc | 4 | ||||
-rw-r--r-- | lib/libc/gen/getpeereid.3 | 136 | ||||
-rw-r--r-- | lib/libc/gen/getpeereid.c | 53 |
4 files changed, 192 insertions, 2 deletions
diff --git a/include/unistd.h b/include/unistd.h
index 8085cb9..0829adf 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -145,6 +145,7 @@ int getlogin_r __P((char *, int));
 mode_t getmode __P((const void *, mode_t));
 int getpagesize __P((void)) __pure2;
 char *getpass __P((const char *));
+int getpeereid __P((int, uid_t *, gid_t *));
 int getpgid __P((pid_t _pid));
 int getresgid __P((gid_t *, gid_t *, gid_t *));
 int getresuid __P((uid_t *, uid_t *, uid_t *));
diff --git a/lib/libc/gen/Makefile.inc b/lib/libc/gen/Makefile.inc
index 4d2806b..24cd03d 100644
--- a/lib/libc/gen/Makefile.inc
+++ b/lib/libc/gen/Makefile.inc
@@ -13,7 +13,7 @@ SRCS+= __xuname.c _pthread_stubs.c _rand48.c _spinlock_stub.c _thread_init.c \
 getcap.c getcwd.c getdomainname.c getgrent.c getgrouplist.c \
 gethostname.c getloadavg.c getlogin.c getmntinfo.c getnetgrent.c \
 getobjformat.c getosreldate.c getpagesize.c \
- getpass.c getprogname.c getpwent.c getttyent.c \
+ getpass.c getpeereid.c getprogname.c getpwent.c getttyent.c \
 getusershell.c getvfsbyname.c getvfsent.c glob.c \
 initgroups.c isatty.c jrand48.c lcong48.c \
 lockf.c lrand48.c mrand48.c msgctl.c \
@@ -46,7 +46,7 @@ MAN+= alarm.3 arc4random.3 clock.3 \
 getdiskbyname.3 getdomainname.3 getfsent.3 \
 getgrent.3 getgrouplist.3 gethostname.3 getloadavg.3 \
 getmntinfo.3 getnetgrent.3 getobjformat.3 \
- getpagesize.3 getpass.3 getprogname.3 getpwent.3 \
+ getpagesize.3 getpass.3 getpeereid.3 getprogname.3 getpwent.3 \
 getttyent.3 getusershell.3 getvfsbyname.3 getvfsent.3 \
 glob.3 initgroups.3 isinf.3 \
 ldexp.3 lockf.3 modf.3 msgctl.3 msgget.3 msgrcv.3 msgsnd.3 \
diff --git a/lib/libc/gen/getpeereid.3 b/lib/libc/gen/getpeereid.3
new file mode 100644
index 0000000..f59a96e
--- /dev/null
+++ b/lib/libc/gen/getpeereid.3
@@ -0,0 +1,136 @@
+.\"
+.\" Copyright (c) 2001 Dima Dorfman.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd July 15, 2001
+.Dt GETPEEREID 3
+.Os
+.Sh NAME
+.Nm getpeereid
+.Nd get the effective credentials of a UNIX-domain peer
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <unistd.h>
+.Ft int
+.Fn getpeereid "int s" "uid_t *euid" "gid_t *egid"
+.Sh DESCRIPTION
+The
+.Fn getpeereid
+routine returns the effective user and group IDs of the
+peer connected to a UNIX-domain socket.
+The argument
+.Fa s
+must be a UNIX-domain socket
+.Pq Xr unix 4
+of type
+.Dv SOCK_STREAM
+on which either
+.Xr connect 2
+or
+.Xr listen 2
+have been called.
+The effective used ID is placed in
+.Fa euid ,
+and the effective group ID in
+.Fa egid .
+.Pp
+The credentials returned to the
+.Xr listen 2
+caller are those of its peer at the time it called
+.Xr connect 2 ;
+the credentials returned to the
+.Xr connect 2
+caller are those of its peer at the time it called
+.Xr listen 2 .
+This mechanism is reliable; there is no way for either side to influence
+the credentials returned to its peer except by calling the appropriate
+system call (i.e., either
+.Xr connect 2
+or
+.Xr listen 2 )
+under different effective credentials.
+.Pp
+One common use of this routine is for a UNIX-domain server
+to verify the credentials of its client.
+Likewise, the client can verify the credentials of the server.
+.Sh IMPLEMENTATION NOTES
+On
+.Fx ,
+.Fn getpeereid
+is implemented in terms of the
+.Dv LOCAL_PEERCRED
+.Xr unix 4
+socket option.
+.Sh RETURN VALUES
+If the call succeeds, a value of 0 is returned and
+.Fa euid
+and
+.Fa egid
+contain the effective user and group IDs of the peer on
+.Fa s ,
+respectively.
+If the call fails, a value of \-1 is returned and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+The call succeeds unless:
+.Bl -tag -width Er
+.It Bq Er EBADF
+The argument
+.Fa s
+is not a valid descriptor.
+.It Bq Er ENOTSOCK
+The argument
+.Fa s
+is a file, not a socket.
+.It Bq Er ENOTCONN
+The argument
+.Fa s
+does not refer to a socket on which
+.Xr connect 2
+or
+.Xr listen 2
+have been called.
+.It Bq Er EINVAL
+The argument
+.Fa s
+does not refer to a socket of type
+.Dv SOCK_STREAM .
+.El
+.Sh SEE ALSO
+.Xr connect 2 ,
+.Xr getpeername 2 ,
+.Xr getsockname 2 ,
+.Xr getsockopt 2 ,
+.Xr listen 2 ,
+.Xr unix 4
+.Sh HISTORY
+The
+.Fn getpeereid
+routine appeared in
+.Fx 5.0 .
diff --git a/lib/libc/gen/getpeereid.c b/lib/libc/gen/getpeereid.c
new file mode 100644
index 0000000..bd070db
--- /dev/null
+++ b/lib/libc/gen/getpeereid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2001 Dima Dorfman.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_RCS) && !defined(lint)
+static const char rcsid[] =
+ "$FreeBSD$";
+#endif /* LIBC_RCS and not lint */
+
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/ucred.h>
+#include <sys/un.h>
+
+#include <unistd.h>
+
+int
+getpeereid(int s, uid_t *euid, gid_t *egid)
+{
+ struct xucred xuc;
+ socklen_t xuclen;
+ int error;
+
+ xuclen = sizeof(xuc);
+ error = getsockopt(s, LOCAL_PEERCRED, 1, &xuc, &xuclen);
+ if (error != 0)
+ return (error);
+ *euid = xuc.cr_uid;
+ *egid = xuc.cr_gid;
+ return (0);
+} |
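Review bot: In getpeereid() the getsockopt() call passes `LOCAL_PEERCRED` in the level position and a bare `1` as the option name, although the manual page added in this same commit describes LOCAL_PEERCRED as a unix(4) socket option. If this only works because the two values happen to line up, a kernel that validates the level would make the call fail or select a different option, and callers rely on this result to authenticate a local peer; the unambiguous form would be `error = getsockopt(s, 0, LOCAL_PEERCRED, &xuc, &xuclen);` (level 0 as I read unix(4); please confirm for this tree). The reply is also used without looking at `xuclen` or `xuc.cr_version`, so a short or differently versioned structure would still be copied into `*euid` and `*egid`. A guard such as `if (xuclen != sizeof(xuc) || xuc.cr_version != XUCRED_VERSION)` that sets `errno` to `EINVAL` and returns -1 before the two assignments would make the function fail closed.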