3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2012 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
18 #define _GNU_SOURCE 1 /* Needed for glibc struct ucred */
23 #ifndef HAVE_GETPEEREID
25 #include <sys/types.h>
26 #include <ac/unistd.h>
28 #include <ac/socket.h>
31 #ifdef HAVE_GETPEERUCRED
35 #ifdef LDAP_PF_LOCAL_SENDMSG
43 #ifdef HAVE_SYS_UCRED_H
45 #include <grp.h> /* for NGROUPS on Tru64 5.1 */
47 #include <sys/ucred.h>
52 int lutil_getpeereid( int s, uid_t *euid, gid_t *egid
53 #ifdef LDAP_PF_LOCAL_SENDMSG
54 , struct berval *peerbv
59 #if defined( HAVE_GETPEERUCRED )
61 if( getpeerucred( s, &uc ) == 0 ) {
62 *euid = ucred_geteuid( uc );
63 *egid = ucred_getegid( uc );
68 #elif defined( SO_PEERCRED )
69 struct ucred peercred;
70 ber_socklen_t peercredlen = sizeof peercred;
72 if(( getsockopt( s, SOL_SOCKET, SO_PEERCRED,
73 (void *)&peercred, &peercredlen ) == 0 )
74 && ( peercredlen == sizeof peercred ))
81 #elif defined( LOCAL_PEERCRED )
82 struct xucred peercred;
83 ber_socklen_t peercredlen = sizeof peercred;
85 if(( getsockopt( s, LOCAL_PEERCRED, 1,
86 (void *)&peercred, &peercredlen ) == 0 )
87 && ( peercred.cr_version == XUCRED_VERSION ))
89 *euid = peercred.cr_uid;
90 *egid = peercred.cr_gid;
93 #elif defined( LDAP_PF_LOCAL_SENDMSG ) && defined( MSG_WAITALL )
96 struct msghdr msg = {0};
97 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
99 # define CMSG_SPACE(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + _CMSG_ALIGN(len))
102 # define CMSG_LEN(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
108 struct cmsghdr *cmsg;
109 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
111 struct sockaddr_un lname, rname;
112 ber_socklen_t llen, rlen;
114 rlen = sizeof(rname);
115 llen = sizeof(lname);
116 memset( &lname, 0, sizeof( lname ));
117 getsockname(s, (struct sockaddr *)&lname, &llen);
119 iov.iov_base = peerbv->bv_val;
120 iov.iov_len = peerbv->bv_len;
125 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
126 msg.msg_control = &control_st;
127 msg.msg_controllen = sizeof( struct cmsghdr ) + sizeof( int ); /* no padding! */
129 cmsg = CMSG_FIRSTHDR( &msg );
131 msg.msg_accrights = (char *)&fd;
132 msg.msg_accrightslen = sizeof(fd);
136 * AIX returns a bogus file descriptor if recvmsg() is
137 * called with MSG_PEEK (is this a bug?). Hence we need
138 * to receive the Abandon PDU.
140 err = recvmsg( s, &msg, MSG_WAITALL );
142 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
143 cmsg->cmsg_len == CMSG_LEN( sizeof(int) ) &&
144 cmsg->cmsg_level == SOL_SOCKET &&
145 cmsg->cmsg_type == SCM_RIGHTS
147 msg.msg_accrightslen == sizeof(int)
148 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL*/
150 int mode = S_IFIFO|S_ISUID|S_IRWXU;
152 /* We must receive a valid descriptor, it must be a pipe,
153 * it must only be accessible by its owner, and it must
154 * have the name of our socket written on it.
156 peerbv->bv_len = err;
157 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
158 fd = (*(int *)CMSG_DATA( cmsg ));
160 err = fstat( fd, &st );
162 rlen = read(fd, &rname, rlen);
164 if( err == 0 && st.st_mode == mode &&
165 llen == rlen && !memcmp(&lname, &rname, llen))
172 #elif defined(SOCKCREDSIZE)
174 ber_socklen_t crmsgsize;
179 memset(&msg, 0, sizeof msg);
180 crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
181 if (crmsgsize == 0) goto sc_err;
182 crmsg = malloc(crmsgsize);
183 if (crmsg == NULL) goto sc_err;
184 memset(crmsg, 0, crmsgsize);
186 msg.msg_control = crmsg;
187 msg.msg_controllen = crmsgsize;
189 if (recvmsg(s, &msg, 0) < 0) {
194 if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
199 cmp = CMSG_FIRSTHDR(&msg);
200 if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
205 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
215 #endif /* LDAP_PF_LOCAL */
220 #endif /* HAVE_GETPEEREID */