
UNIX credential passing

I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?

Kris
Jun 27 '08 #1
Kris Kennaway <kr**@FreeBSD.org> writes:
> I want to make use of UNIX credential passing on a local domain socket
> to verify the identity of a user connecting to a privileged
> service. However it looks like the socket module doesn't implement
> sendmsg/recvmsg wrappers, and I can't find another module that does
> this either. Is there something I have missed?
There is a patch for it attached to an RFE in the python bug tracker,
I forget which one. Try searching for sendmsg or ancillary messages
or SCM_RIGHTS in the tracker.
Jun 27 '08 #2
[ Kris Kennaway <kr**@FreeBSD.org> ]
> I want to make use of UNIX credential passing on a local domain socket
> to verify the identity of a user connecting to a privileged service.
> However it looks like the socket module doesn't implement
> sendmsg/recvmsg wrappers, and I can't find another module that does this
> either. Is there something I have missed?
http://pyside.blogspot.com/2007/07/u...th-python.html

Illustrates how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
Jun 27 '08 #3
Sebastian 'lunar' Wiesner wrote:
> [ Kris Kennaway <kr**@FreeBSD.org> ]
>> I want to make use of UNIX credential passing on a local domain socket
>> to verify the identity of a user connecting to a privileged service.
>> However it looks like the socket module doesn't implement
>> sendmsg/recvmsg wrappers, and I can't find another module that does this
>> either. Is there something I have missed?
>
> http://pyside.blogspot.com/2007/07/u...th-python.html
>
> Illustrates how to use socket credentials without sendmsg/recvmsg and so
> without any need for patching.

Thanks to both you and Paul for your suggestions. For the record, the
URL above is Linux-specific, but it put me on the right track. Here is
an equivalent FreeBSD implementation:

import struct

def getpeereid(sock):
    """ Get peer credentials on a UNIX domain socket.

    Returns a nested tuple: (uid, (gids)) """

    LOCAL_PEERCRED = 0x001
    NGROUPS = 16

    #struct xucred {
    #        u_int   cr_version;             /* structure layout version */
    #        uid_t   cr_uid;                 /* effective user id */
    #        short   cr_ngroups;             /* number of groups */
    #        gid_t   cr_groups[NGROUPS];     /* groups */
    #        void    *_cr_unused1;           /* compatibility with old ucred */
    #};

    # u_int, uid_t and gid_t are unsigned, so unpack them as 'I', not 'i'
    xucred_fmt = '2Ih16IP'
    res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
        LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))

    # Check this is the above version of the structure
    if res[0] != 0:
        raise OSError

    return (res[1], res[3:3+res[2]])
Kris
Jun 27 '08 #4
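
An added example, not part of the posts above: the same xucred decoding used for an actual allow/deny decision, generalized to also read Linux's SO_PEERCRED so it runs on both systems. The names parse_xucred, peer_credentials, authorize, allowed_uids and the svc.sock path are assumptions made for this illustration.

```python
import os
import socket
import struct
import sys
import tempfile

XUCRED = struct.Struct("2Ih16IP")  # FreeBSD struct xucred, unsigned ids
UCRED = struct.Struct("iII")       # Linux struct ucred: pid, uid, gid
LOCAL_PEERCRED = 0x001             # FreeBSD option, read at level 0


def parse_xucred(buf):
    """Decode a FreeBSD xucred buffer into (uid, gids), validating it."""
    if len(buf) != XUCRED.size:
        raise OSError("short xucred buffer")
    version, uid, ngroups, *rest = XUCRED.unpack(buf)
    if version != 0 or not 0 <= ngroups <= 16:
        raise OSError("unexpected xucred version or group count")
    return uid, tuple(rest[:ngroups])


def peer_credentials(sock):
    """Return (uid, gids) for the peer of a connected AF_UNIX socket."""
    if sys.platform.startswith("freebsd"):
        return parse_xucred(sock.getsockopt(0, LOCAL_PEERCRED, XUCRED.size))
    if sys.platform.startswith("linux"):
        raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
        _pid, uid, gid = UCRED.unpack(raw)
        return uid, (gid,)
    raise NotImplementedError("no peer-credential option for " + sys.platform)


def authorize(sock, allowed_uids):
    """Fail closed: any error while reading credentials denies the peer."""
    try:
        uid, _gids = peer_credentials(sock)
    except (OSError, NotImplementedError, struct.error):
        return False
    return uid in allowed_uids


if __name__ == "__main__":
    # Constructed demo: connect to our own listener, so the peer is this process.
    with tempfile.TemporaryDirectory() as tmp, socket.socket(socket.AF_UNIX) as srv:
        srv.bind(os.path.join(tmp, "svc.sock"))
        srv.listen(1)
        cli = socket.socket(socket.AF_UNIX)
        cli.connect(srv.getsockname())
        conn, _addr = srv.accept()
        print("peer allowed:", authorize(conn, {os.geteuid()}))
```

The kernel records these credentials when the connection is made, so the service should check them on the accepted socket before acting on anything the peer sends.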
[ Kris Kennaway <kr**@FreeBSD.org> ]
> Sebastian 'lunar' Wiesner wrote:
>> Illustrates how to use socket credentials without sendmsg/recvmsg and so
>> without any need for patching.
> Thanks to both you and Paul for your suggestions. For the record, the
> URL above is linux-specific,
D'oh, sorry, I didn't know this ... I'm not a unix expert, I just remembered
that article when reading your question ;)
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
Jun 27 '08 #5
