User credentials on a unix datagram socket

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* User credentials on a unix datagram socket
@ 2008-10-05 21:41 John Kelly
  2008-10-07  0:04 ` John Kelly
  0 siblings, 1 reply; 2+ messages in thread
From: John Kelly @ 2008-10-05 21:41 UTC (permalink / raw)
  To: linux-kernel

The socket(7) man page seems to imply that user credentials cannot be
sent on a unix datagram socket, unless socketpair() created it.

> SO_PEERCRED
>   Return the credentials of the foreign process connected to this socket.
>   This is only possible for connected AF_UNIX stream sockets and AF_UNIX
>   stream and datagram socket pairs created using socketpair(2);

But through trial and error, without reading any kernel source, I
learned that you can send user credentials on a regular unix datagram
socket which was not created with socketpair().

I'm unsure what SO_PEERCRED is intended for; I used SO_PASSCRED in my
server code, and it works.  I'm glad it does.  Stream sockets would
require a file descriptor for each client.  Ugh.  What I want to do is
so much simpler with datagram sockets.

I have sample code at ftp://ftp.isp2dial.com/users/jak/src/test/uxdg/

I hope someone will revise the man page and explain that you can pass
user credentials on a unix datagram socket, even one not created with
socketpair().

This is a very useful feature.  Please keep it in the kernel!

-- 
Webmail for Dialup Users
http://www.isp2dial.com/freeaccounts.html

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: User credentials on a unix datagram socket
  2008-10-05 21:41 User credentials on a unix datagram socket John Kelly
@ 2008-10-07  0:04 ` John Kelly
  0 siblings, 0 replies; 2+ messages in thread
From: John Kelly @ 2008-10-07  0:04 UTC (permalink / raw)
  To: linux-kernel

On Sun, 05 Oct 2008 21:41:22 +0000, John Kelly <jak@isp2dial.com>
wrote:

>The socket(7) man page seems to imply that user credentials cannot be
>sent on a unix datagram socket, unless socketpair() created it.

>> SO_PEERCRED
>>   Return the credentials of the foreign process connected to this socket.
>>   This is only possible for connected AF_UNIX stream sockets and AF_UNIX
>>   stream and datagram socket pairs created using socketpair(2);

>But through trial and error, without reading any kernel source, I
>learned that you can send user credentials on a regular unix datagram
>socket which was not created with socketpair().

>I'm unsure what SO_PEERCRED is intended for; I used SO_PASSCRED in my
>server code, and it works.

Maybe I'm the only one on the planet interested in this subject, but
for posterity ... after browsing net/unix/af_unix.c, I see ...

Using SO_PEERCRED with getsockopt(2) reads an sk_peercred struct.  It
seems this data is available in the kernel, without the client sending
credentials as ancillary data.  In af_unix.c, unix_stream_connect and
unix_socketpair set this structure, but unix_dgram_connect does not.

So apparently, the socket(7) man page is accurate.  However, it could
mislead one towards a wrong conclusion ...

As I learned by trial and error, you CAN get user credentials on a
regular datagram socket by using SO_PASSCRED, you just have to do it
the hard way, with the client explicitly sending his credentials as
ancillary data.

Works for me ....

-- 
Webmail for Dialup Users
http://www.isp2dial.com/freeaccounts.html

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-10-07  0:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-05 21:41 User credentials on a unix datagram socket John Kelly
2008-10-07  0:04 ` John Kelly

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).