3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2000-2007 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
19 #ifndef HAVE_GETPEEREID
21 #include <sys/types.h>
22 #include <ac/unistd.h>
24 #include <ac/socket.h>
29 #include <grp.h> /* for NGROUPS on Tru64 5.1 */
31 #include <sys/ucred.h>
34 /* Disabled due to ITS#4893, will revisit in release 2.4 */
35 #if 0 /* !defined(SO_PEERCRED) && !defined(LOCAL_PEERCRED) && \
36 defined(HAVE_SENDMSG) && (defined(HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN) || \
37 defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL)) */
48 int getpeereid( int s, uid_t *euid, gid_t *egid )
51 #if defined( SO_PEERCRED )
52 struct ucred peercred;
53 ber_socklen_t peercredlen = sizeof peercred;
55 if(( getsockopt( s, SOL_SOCKET, SO_PEERCRED,
56 (void *)&peercred, &peercredlen ) == 0 )
57 && ( peercredlen == sizeof peercred ))
64 #elif defined( LOCAL_PEERCRED )
65 struct xucred peercred;
66 ber_socklen_t peercredlen = sizeof peercred;
68 if(( getsockopt( s, LOCAL_PEERCRED, 1,
69 (void *)&peercred, &peercredlen ) == 0 )
70 && ( peercred.cr_version == XUCRED_VERSION ))
72 *euid = peercred.cr_uid;
73 *egid = peercred.cr_gid;
76 #elif defined( DO_SENDMSG )
80 struct msghdr msg = {0};
81 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
83 # define CMSG_SPACE(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + _CMSG_ALIGN(len))
86 # define CMSG_LEN(len) (_CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
90 unsigned char control[CMSG_SPACE(sizeof(int))];
93 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
100 iov.iov_len = sizeof dummy;
103 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
104 msg.msg_control = control_un.control;
105 msg.msg_controllen = sizeof( control_un.control );
107 cmsg = CMSG_FIRSTHDR( &msg );
110 * AIX returns a bogus file descriptor if recvmsg() is
111 * called with MSG_PEEK (is this a bug?). Hence we need
112 * to receive the Abandon PDU.
114 if( recvmsg( s, &msg, MSG_WAITALL ) >= 0 &&
115 cmsg->cmsg_len == CMSG_LEN( sizeof(int) ) &&
116 cmsg->cmsg_level == SOL_SOCKET &&
117 cmsg->cmsg_type == SCM_RIGHTS )
119 msg.msg_accrights = (char *)fd;
120 msg.msg_accrightslen = sizeof(fd);
121 if( recvmsg( s, &msg, MSG_PEEK) >= 0 && msg.msg_accrightslen == sizeof(int) )
122 # endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL*/
124 /* We must receive a valid descriptor, it must be a pipe,
125 * and it must only be accessible by its owner.
127 # ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
128 fd[0] = (*(int *)CMSG_DATA( cmsg ));
130 err = fstat( fd[0], &st );
132 if( err == 0 && S_ISFIFO(st.st_mode) &&
133 ((st.st_mode & (S_IRWXG|S_IRWXO)) == 0))
140 #elif defined(SOCKCREDSIZE)
142 ber_socklen_t crmsgsize;
147 memset(&msg, 0, sizeof msg);
148 crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
149 if (crmsgsize == 0) goto sc_err;
150 crmsg = malloc(crmsgsize);
151 if (crmsg == NULL) goto sc_err;
152 memset(crmsg, 0, crmsgsize);
154 msg.msg_control = crmsg;
155 msg.msg_controllen = crmsgsize;
157 if (recvmsg(s, &msg, 0) < 0) {
162 if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
167 cmp = CMSG_FIRSTHDR(&msg);
168 if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
173 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
183 #endif /* LDAP_PF_LOCAL */
188 #endif /* HAVE_GETPEEREID */