UNIX credential passing
Kris Kennaway
kris at FreeBSD.org
Fri May 30 19:04:50 EDT 2008
Sebastian 'lunar' Wiesner wrote:
> [ Kris Kennaway <kris at FreeBSD.org> ]
>
>> I want to make use of UNIX credential passing on a local domain socket
>> to verify the identity of a user connecting to a privileged service.
>> However it looks like the socket module doesn't implement
>> sendmsg/recvmsg wrappers, and I can't find another module that does this
>> either. Is there something I have missed?
>
> http://pyside.blogspot.com/2007/07/unix-socket-credentials-with-python.html
>
> Illustrates, how to use socket credentials without sendmsg/recvmsg and so
> without any need for patching.
>
>
Thanks to both you and Paul for your suggestions. For the record, the
URL above is linux-specific, but it put me on the right track. Here is
an equivalent FreeBSD implementation:
def getpeereid(sock):
""" Get peer credentials on a UNIX domain socket.
Returns a nested tuple: (uid, (gids)) """
LOCAL_PEERCRED = 0x001
NGROUPS = 16
#struct xucred {
# u_int cr_version; /* structure layout version */
# uid_t cr_uid; /* effective user id */
# short cr_ngroups; /* number of groups */
# gid_t cr_groups[NGROUPS]; /* groups */
# void *_cr_unused1; /* compatibility with old ucred */
#};
xucred_fmt = '2ih16iP'
res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))
# Check this is the above version of the structure
if res[0] != 0:
raise OSError
return (res[1], res[3:3+res[2]])
Kris
More information about the Python-list
mailing list