
Is there a way to get the uid of the other end of a unix socket connection

Is there a way for a UNIX domain socket listener to accept connections only from a certain user (chmod/chown does not work for abstract sockets afaik), or in other words, to get the uid of the incoming connection (on Linux)?

Dbus, which uses abstract unix sockets on Linux, has a function GetConnectionUnixUser which is used by polkit to determine the caller. So I suppose the dbus-daemon must have a way to do that. Does anyone know how that works?

yuyichao asked Mar 27 '12 23:03



1 Answer

The easiest way to check peer credentials is with SO_PEERCRED. To do this for socket sock:

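#define _GNU_SOURCE             /* exposes struct ucred via <sys/socket.h> */
#include <stdio.h>
#include <sys/socket.h>

/* Print the credentials of the peer connected to AF_UNIX socket sock. */
int print_peer_cred(int sock)
{
    struct ucred ucred;
    socklen_t len = sizeof(struct ucred);   /* getsockopt() expects socklen_t * */

    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) {
        perror("getsockopt(SO_PEERCRED)");  // check errno
        return -1;
    }
    printf("Credentials from SO_PEERCRED: pid=%ld, euid=%ld, egid=%ld\n",
            (long) ucred.pid, (long) ucred.uid, (long) ucred.gid);
    return 0;
}

SO_PEERCRED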
          Return the credentials of the foreign process connected to
          this socket.  This is possible only for connected AF_UNIX
          stream sockets and AF_UNIX stream and datagram socket pairs
          created using socketpair(2); see unix(7).  The returned
          credentials are those that were in effect at the time of the
          call to connect(2) or socketpair(2).  The argument is a ucred
          structure; define the _GNU_SOURCE feature test macro to obtain
          the definition of that structure from <sys/socket.h>.  This
          socket option is read-only.

From a tlpi example. PostgreSQL has a few variants for other unices.

Gabriel answered Sep 20 '22 01:09