3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2007 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
19 #ifndef HAVE_GETPEEREID
21 #include <sys/types.h>
22 #include <ac/unistd.h>
24 #include <ac/socket.h>
27 #ifdef HAVE_GETPEERUCRED
31 #ifdef LDAP_PF_LOCAL_SENDMSG
39 #ifdef HAVE_SYS_UCRED_H
41 #include <grp.h> /* for NGROUPS on Tru64 5.1 */
43 #include <sys/ucred.h>
48 int lutil_getpeereid( int s, uid_t *euid, gid_t *egid
49 #ifdef LDAP_PF_LOCAL_SENDMSG
50 , struct berval *peerbv
55 #if defined( HAVE_GETPEERUCRED )
57 if( getpeerucred( s, &uc ) == 0 ) {
58 *euid = ucred_geteuid( uc );
59 *egid = ucred_getegid( uc );
63 #elif defined( SO_PEERCRED )
64 struct ucred peercred;
65 ber_socklen_t peercredlen = sizeof peercred;
67 if(( getsockopt( s, SOL_SOCKET, SO_PEERCRED,
68 (void *)&peercred, &peercredlen ) == 0 )
69 && ( peercredlen == sizeof peercred ))
76 #elif defined( LOCAL_PEERCRED )
77 struct xucred peercred;
78 ber_socklen_t peercredlen = sizeof peercred;
80 if(( getsockopt( s, LOCAL_PEERCRED, 1,
81 (void *)&peercred, &peercredlen ) == 0 )
82 && ( peercred.cr_version == XUCRED_VERSION ))
84 *euid = peercred.cr_uid;
85 *egid = peercred.cr_gid;
88 #elif defined( LDAP_PF_LOCAL_SENDMSG ) && defined( MSG_WAITALL )
91 struct msghdr msg = {0};
92 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
94 # define CMSG_SPACE(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + _CMSG_ALIGN(len))
97 # define CMSG_LEN(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
103 struct cmsghdr *cmsg;
104 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
106 struct sockaddr_un lname, rname;
107 ber_socklen_t llen, rlen;
109 rlen = sizeof(rname);
110 llen = sizeof(lname);
111 memset( &lname, 0, sizeof( lname ));
112 getsockname(s, (struct sockaddr *)&lname, &llen);
114 iov.iov_base = peerbv->bv_val;
115 iov.iov_len = peerbv->bv_len;
120 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
121 msg.msg_control = &control_st;
122 msg.msg_controllen = sizeof( struct cmsghdr ) + sizeof( int ); /* no padding! */
124 cmsg = CMSG_FIRSTHDR( &msg );
126 msg.msg_accrights = (char *)&fd;
127 msg.msg_accrightslen = sizeof(fd);
131 * AIX returns a bogus file descriptor if recvmsg() is
132 * called with MSG_PEEK (is this a bug?). Hence we need
133 * to receive the Abandon PDU.
135 err = recvmsg( s, &msg, MSG_WAITALL );
137 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
138 cmsg->cmsg_len == CMSG_LEN( sizeof(int) ) &&
139 cmsg->cmsg_level == SOL_SOCKET &&
140 cmsg->cmsg_type == SCM_RIGHTS
142 msg.msg_accrightslen == sizeof(int)
143 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL*/
145 int mode = S_IFIFO|S_ISUID|S_IRWXU;
147 /* We must receive a valid descriptor, it must be a pipe,
148 * it must only be accessible by its owner, and it must
149 * have the name of our socket written on it.
151 peerbv->bv_len = err;
152 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
153 fd = (*(int *)CMSG_DATA( cmsg ));
155 err = fstat( fd, &st );
157 rlen = read(fd, &rname, rlen);
159 if( err == 0 && st.st_mode == mode &&
160 llen == rlen && !memcmp(&lname, &rname, llen))
167 #elif defined(SOCKCREDSIZE)
169 ber_socklen_t crmsgsize;
174 memset(&msg, 0, sizeof msg);
175 crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
176 if (crmsgsize == 0) goto sc_err;
177 crmsg = malloc(crmsgsize);
178 if (crmsg == NULL) goto sc_err;
179 memset(crmsg, 0, crmsgsize);
181 msg.msg_control = crmsg;
182 msg.msg_controllen = crmsgsize;
184 if (recvmsg(s, &msg, 0) < 0) {
189 if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
194 cmp = CMSG_FIRSTHDR(&msg);
195 if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
200 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
210 #endif /* LDAP_PF_LOCAL */
215 #endif /* HAVE_GETPEEREID */
projects / openldap / blob