Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!shearson.com!viktor
From: viktor@shearson.com (Viktor Dukhovni)
Newsgroups: comp.unix.wizards
Subject: Re: Authenticating Unix Domain sockets.
Message-ID: <1991Jan30.213227.19055@shearson.com>
Date: 30 Jan 91 21:32:27 GMT
References: <1991Jan29.063539.2169@objy.com> <11225@jpl-devvax.JPL.NASA.GOV>
Organization: Shearson Lehman
Lines: 44

lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:

>In article <1991Jan29.063539.2169@objy.com> peter@objy.com writes:
>: What I would like is a guaranteed way of finding out the uid of a process
>: that just connected to me using local (same machine) IPC.

>What do you mean by "the" uid?  Given that the other end of a socket may
>be open multiple times by multiple processes, there's no guarantee of
>uniqueness.

	Actually this is wrong!  With a SOCK_STREAM socket, or using the
"fromaddr" argument of recvfrom(), the peer address can be examined using
getpeername or directly, respectively.  Since UNIX sockets must be bound
explicitly, and must not exist prior to creation, the effective user id
of the remote process is the same as the owner of the remote socket
in the file space.  Just

	#include <stdlib.h>
	#include <strings.h>
	#include <sys/types.h>
	#include <sys/socket.h>
	#include <sys/stat.h>
	#include <sys/un.h>

	struct sockaddr_un fromaddr;
	socklen_t len=sizeof(fromaddr);
	struct stat st;
	uid_t uid;

	bzero(&fromaddr,len);
	/* s is the connected socket */
	getpeername(s,(struct sockaddr *)&fromaddr,&len);
	if ( ((struct sockaddr *)&fromaddr)->sa_family != AF_UNIX ) {
		/* Bitch about impossible connection */
		exit(1);
	}
	/* The owner of the peer's socket file is taken as its uid */
	stat( fromaddr.sun_path, &st );
	uid = st.st_uid;
	...

	Works for me.  Your mileage may vary.

--
Viktor Dukhovni                              : ARPA
    <...!uunet!shearson.com!viktor>          : UUCP
388 Greenwich St., 11th floor, NY, NY 10013  : US-Post