Identify program that connects to a Unix Domain Socket

星月不相逢 2021-02-07 17:37

I have a program that is listening to a Unix Domain Socket.

When a client connects to the socket I'd like to find out which program connected and then decide if I allow

3 Answers
  •  不思量自难忘°
    2021-02-07 18:00

    Yes, this is possible on Linux, but it won't be very portable. It's achieved using what is called "ancillary data" with sendmsg / recvmsg.

    • Use SO_PASSCRED with setsockopt
    • Use SCM_CREDENTIALS and the struct ucred structure

    This structure is defined in Linux:

    struct ucred {
        pid_t pid;    /* process ID of the sending process */
        uid_t uid;    /* user ID of the sending process */
        gid_t gid;    /* group ID of the sending process */
    };
    

    Note you have to fill these in your msghdr.control, and the kernel will check if they're correct.

    The main portability hindrance is that this structure differs on other Unixes - for example on FreeBSD it's:

    struct cmsgcred {
        pid_t   cmcred_pid;          /* PID of sending process */
        uid_t   cmcred_uid;          /* real UID of sending process */
        uid_t   cmcred_euid;         /* effective UID of sending process */
        gid_t   cmcred_gid;          /* real GID of sending process */
        short   cmcred_ngroups;      /* number of groups */
        gid_t   cmcred_groups[CMGROUP_MAX];     /* groups */
    };
    
