On Fri, Nov 24, 2006 at 10:11:39AM -0800, rainmailbox2001-ola (at) yahoo (dot) ca wrote:
> I was also thinking about using Unix sockets for communication, but it
> seems that they also lack any mechanism for authenticating the client.

man 7 unix:

    ...
    setsockopt(.., SO_PASSCRED, ...);
    ...
    ANCILLARY MESSAGES
        Ancillary data is sent and received using sendmsg(2) and
        recvmsg(2).
    ...
        SCM_CREDENTIALS
            Send or receive Unix credentials. This can be used for
            authentication. The credentials are passed as a struct
            ucred ancillary message.

                struct ucred {
                    pid_t pid; /* process ID of the sending process */
                    uid_t uid; /* user ID of the sending process */
                    gid_t gid; /* group ID of the sending process */
                };

            The credentials which the sender specifies are checked by
            the kernel. A process with effective user ID 0 is allowed
            to specify values that do not match its own.

> Anyways, I would prefer to stick with TCP/UDP, because this is what my
> programs use already, and I don't really want to change everything to
> Unix sockets (unless of course Unix sockets are the only good way to
> resolve my problems).

Or you can try parsing the output of netstat (with option -p in Linux) or
lsof (e.g. lsof -i 4@127.0.0.1:4015 for a connection from localhost,
port 4015).
--
lfr
0/0