search

mhlkmn0108 / junixsocket

Automatically exported from code.google.com/p/junixsocket
1 stars 0 forks source link

Support SO_PEERCRED socket option #18

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Add support for the SO_PEERCRED socket option
(see http://www.welz.org.za/notes/on-peer-cred.html)

This option would be very useful for providing local user authentication 
support.

It looks like this could easily be added and accessed through the 
AFUNIXSocketImpl.getOption method.

Would need to provide some java class to hold the ucred struct data, and 
populate it in the native code, but that should be fairly simple.

I might spend some time on this and contribute a patch.
If you have any thoughts, let me know.

Original issue reported on code.google.com by phils...@gmail.com on 1 Apr 2011 at 7:19

GoogleCodeExporter commented 9 years ago 
I have attached a patch to add support for retrieving the client user 
credentials on the server side.

The patch is based on http://junixsocket.googlecode.com/svn/trunk/junixsocket/ 
revision 111.

I added AFUNIXSocket.getUserCredentials(), and 
AFUNIXServerSocket.setPassUserCredentials(boolean passUserCredentials)

I only tested linux 32-bit.

I added a unit test for the change.

In an unrelated note, I also had to modify the CancelAcceptTest a little bit to 
make it more threadsafe.  It was failing on my system (before I made any 
changes) because of some concurrency problems.

Please review the patch and let me know of any suggestions you have.

Thanks,
Phil

Original comment by phils...@gmail.com on 2 Apr 2011 at 12:56

Attachments:

GoogleCodeExporter commented 9 years ago 
I have now tested it on 32-bit and 64-bit linux.

However, I just noticed the following excerpt from "Secure Programming Cookbook 
for C and C++"...

Passing credentials "works on FreeBSD, Linux, and NetBSD. Unfortunately, not 
all Unix domain socket implementations provide support for credentials. At the 
time of this writing, the Darwin kernel (the core of MacOS X), OpenBSD, and 
Solaris do not support credentials.

So, the patch might need to be modified for those other platforms.  I don't 
really have access to them to find out though.  I'm not sure what the behavior 
will be.  i.e. if they won't compile, won't run, or just don't return 
credentials.

Original comment by phils...@gmail.com on 2 Apr 2011 at 1:38