Sebastian said:
[ Kris Kennaway said:
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?
http://pyside.blogspot.com/2007/07/unix-socket-credentials-with-python.html
Illustrates, how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.
Thanks to both you and Paul for your suggestions. For the record, the
URL above is linux-specific, but it put me on the right track. Here is
an equivalent FreeBSD implementation:
def getpeereid(sock):
""" Get peer credentials on a UNIX domain socket.
Returns a nested tuple: (uid, (gids)) """
LOCAL_PEERCRED = 0x001
NGROUPS = 16
#struct xucred {
# u_int cr_version; /* structure layout version */
# uid_t cr_uid; /* effective user id */
# short cr_ngroups; /* number of groups */
# gid_t cr_groups[NGROUPS]; /* groups */
# void *_cr_unused1; /* compatibility with old ucred */
#};
xucred_fmt = '2ih16iP'
res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))
# Check this is the above version of the structure
if res[0] != 0:
raise OSError
return (res[1], res[3:3+res[2]])
Kris
