By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,660 Members | 1,100 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,660 IT Pros & Developers. It's quick & easy.

UNIX credential passing

P: n/a
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?

Kris
Jun 27 '08 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Kris Kennaway <kr**@FreeBSD.orgwrites:
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged
service. However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does
this either. Is there something I have missed?
There is a patch for it attached to an RFE in the python bug tracker,
I forget which one. Try searching for sendmsg or ancillary messages
or SCM_RIGHTS in the tracker.
Jun 27 '08 #2

P: n/a
[ Kris Kennaway <kr**@FreeBSD.org]
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?
http://pyside.blogspot.com/2007/07/u...th-python.html

Illustrates, how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
Jun 27 '08 #3

P: n/a
Sebastian 'lunar' Wiesner wrote:
[ Kris Kennaway <kr**@FreeBSD.org]
>I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?

http://pyside.blogspot.com/2007/07/u...th-python.html

Illustrates, how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.

Thanks to both you and Paul for your suggestions. For the record, the
URL above is linux-specific, but it put me on the right track. Here is
an equivalent FreeBSD implementation:

def getpeereid(sock):
""" Get peer credentials on a UNIX domain socket.

Returns a nested tuple: (uid, (gids)) """

LOCAL_PEERCRED = 0x001
NGROUPS = 16

#struct xucred {
# u_int cr_version; /* structure layout version */
# uid_t cr_uid; /* effective user id */
# short cr_ngroups; /* number of groups */
# gid_t cr_groups[NGROUPS]; /* groups */
# void *_cr_unused1; /* compatibility with old ucred */
#};

xucred_fmt = '2ih16iP'
res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))

# Check this is the above version of the structure
if res[0] != 0:
raise OSError

return (res[1], res[3:3+res[2]])
Kris
Jun 27 '08 #4

P: n/a
[ Kris Kennaway <kr**@FreeBSD.org]
Sebastian 'lunar' Wiesner wrote:
>>
Illustrates, how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.
Thanks to both you and Paul for your suggestions. For the record, the
URL above is linux-specific,
D'oh, sorry, I didn't know this ... I'm not a unix expert, I just remembered
that article when reading your question ;)
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
Jun 27 '08 #5

This discussion thread is closed

Replies have been disabled for this discussion.