search

golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
123.3k stars 17.58k forks source link

x/sys/unix: want more platform support for UNIX domain socket peer credentials #41659

Open gdamore opened 4 years ago

gdamore commented 4 years ago

What version of Go are you using (go version)?

$ go version
PS C:\Users\garre> go version
go version go1.14.4 windows/amd64

(Although I use many different versions of Go on illumos, Linux, darwin, etc.)

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

Feature request

As this is a feature request, I'm not including typical bug report details.

What I'd like is a way for us to obtain peer credentials more broadly. I am most interested in illumos/solaris (which uses getpeerucred() in libc, but I see this being useful for Darwin, FreeBSD, and possibly others.

With Linux we can do GetsockoptUcred with SO_PEERCRED. Which is great. I would like to have a similar way to do this for other platforms (platform specific probably) without having to resort to cgo if possible.

ianlancetaylor commented 4 years ago

What are the mechanisms available on other systems?

gdamore commented 4 years ago

So Solaris and illumos have getpeerucred. I believe BSD systems have SO_LOCAL and LOCAL_PEERCRED and LOCAL_PEERPID. There is also a version of SO_PEERCRED that uses sockpeercred instead of ucred.

This is a mess of non portable APIs. But it would be nice if I could access this tags and not have to resort to cgo.

gopherbot commented 3 years ago

Change https://golang.org/cl/294989 mentions this issue: unix: add Xucred, GetsockoptXucred on freebsd

tklauser commented 3 years ago

FWIW, https://golang.org/cl/292330 added this for Darwin already, courtesy of @bradfitz . I'm about to send CLs adding support on the BSDs and possibly Illumos/Solaris as well.

Once these landed in x/sys/unix, I hope we can add support for these additional platforms to inet.af/peercred as well which provides a portable API for peer credentials.

MagicalTux commented 1 year ago

This was initially requested in https://github.com/golang/go/issues/1101, however that issue was hijacked to instead cover sending over credentials and file descriptors, and it deemed resolved in 2017.

This would be really nice to have a cross platform API for this.