in reply to How to read UNIX socket credentials?

Monks, this is how I implemented a solution for the above problem: 
use strict;
use warnings;
use IO::Socket;
use IO::Handle::Record;
$| = 1;
unlink('/tmp/catsock');
my $server = new IO::Socket::UNIX(
    Type => SOCK_STREAM,
    Local => '/tmp/catsock',
    Listen => SOMAXCONN
);
die "Coudn't open socket" unless $server;
my $client;
my $count = 0;
while(1) {
    $client = $server->accept();
    my ($pid, $uid, $gid) = $client->peercred;
    # name, pass, uid, gid, quota, comment, gcos, dir, shell, expire
    my @uinfo = getpwuid($uid);
    print "$count. Credentials User: $uinfo[0] PID: $pid UID: $uid GID
+: $gid\n" . <$client> . "\n";
    $count++;
}

[download]
However, I would really like to see how this can be implemented without using IO::Socket::UNIX.
Or is it at all possible.
One Planet, One Internet... We Are All Connected...

Replies are listed 'Best First'.
Re^2: How to read UNIX socket credentials?
by ikegami (Patriarch) on Jan 07, 2011 at 09:14 UTC

    Pretty sure it'll work with an unblessed UNIX socket handle too. 

    my ($pid, $uid, $gid) = IO::Handle::Record::peercred($client);

    [download]

    If not, it should be easy to code in pure Perl since the above function is simply 

    void
smh_peercred(s)
    PerlIO* s;
PROTOTYPE: $
PPCODE:
{
# ifdef SO_PEERCRED
  struct ucred uc;
  socklen_t uc_len=sizeof(uc);

  if( !getsockopt(PerlIO_fileno(s), SOL_SOCKET, SO_PEERCRED, &uc, &uc_
+len) ) {
    EXTEND(SP, 3);
    PUSHs(sv_2mortal(newSViv(uc.pid)));
    PUSHs(sv_2mortal(newSViv(uc.uid)));
    PUSHs(sv_2mortal(newSViv(uc.gid)));
  }
# else
  SETERRNO(EOPNOTSUPP, RMS_IFI);
# endif
}

    [download]

    and fileno (builtin), getsockopt (builtin), SOL_SOCKET (Socket) and SO_PEERCRED (Socket) are all in core Perl.

    Mind you, IO::Socket::UNIX is just a thin layer that greatly simplifies socket calls with no loss of flexibility, so I wonder why you want to try to avoid it.

[reply]
[d/l]
[select]
      my ($pid, $uid, $gid) = IO::Handle::Record::peercred($client);

      [download]
      Thank you for the solution! It works like a charm on Linux and FreeBSD.
      One Planet, One Internet... We Are All Connected...
[reply]
[d/l]
        This won't work on Solaris / MacOS / OpenBSD (I think anyway), as they don't support the SO_PEERCRED getsockopt() sub-call.

        Solaris is of particular interest to me; I did some digging and found that it supports getting the credentials of the remote peer (to include PF_INET sockets, so long as the remote peer is on the same system e.g. a loopback connection, a process running in another zone, or running at a different level of trust). It does it through a completely different API though; to get started, see the manpages for ucred_get() (describes the whole family) and in particular getpeerucred().

        Sun supplies Sun::Solaris::Ucred.pm with the Sun-provided Perl packages, which exposes this API to Perl.

        Here's my slapdash implementation for getting peer credentials on both Linux and Solaris (disclaimer: this is a proof of concept, I /know/ there are several glaring problems): 
        use IO::Socket::UNIX qw( SOCK_STREAM SOMAXCONN SOL_SOCKET 
                                      SO_PEERCRED );

# Assume that $socket represents a connected UNIX-domain socket, 
#   and use it like so:
my ($pid, $uid, $gid) = socket_peercreds($socket);

sub socket_peercreds {
        my $socket = shift;

        my($gid, $os, $packed, $pid, $ucred, $uid);

        chomp($os = `uname -s`);

        if($os eq 'Linux'){
                $packed = getsockopt($socket, SOL_SOCKET, SO_PEERCRED)
+;

                 # these are lowercase Ls
                ($pid, $uid, $gid) = unpack('lll', $packed);

                return ($pid, $uid, $gid);
        }
        elsif($os eq 'SunOS'){
                eval "use Sun::Solaris::Ucred qw(getpeerucred ucred_ge
+t ucred_geteuid ucred_getegid ucred_getpid);
";

                $ucred = getpeerucred(fileno($socket));
                if(! defined($ucred)){
                        print "ERROR: getpeerucred() failed: $!\n";
                        print "\$ucred: $ucred\n";
                        return undef;
                }

                $uid = ucred_geteuid($ucred);
                $gid = ucred_getegid($ucred);
                $pid = ucred_getpid($ucred);
                return ($pid, $uid, $gid);
        }
        else {
                print "ERROR: Unknown os, can't get peer's creds\n";
                return undef;
        }
}

        [download]
[reply]
[d/l]
Re^2: How to read UNIX socket credentials?
by cdarke (Prior) on Jan 07, 2011 at 08:38 UTC
    A problem might be that SCM_CREDENTIALS is not in the POSIX standard as an option. The option is specific to Linux, although BSD appears to have a similar option called SCM_CREDS (untested).
[reply]

In Section Seekers of Perl Wisdom