UNIX credential passing

Discussion in 'Python' started by Kris Kennaway, May 29, 2008.

  1. I want to make use of UNIX credential passing on a local domain socket
    to verify the identity of a user connecting to a privileged service.
    However it looks like the socket module doesn't implement
    sendmsg/recvmsg wrappers, and I can't find another module that does this
    either. Is there something I have missed?

    Kris
    Kris Kennaway, May 29, 2008
    #1
    1. Advertising

  2. Kris Kennaway

    Paul Rubin Guest

    Kris Kennaway <> writes:
    > I want to make use of UNIX credential passing on a local domain socket
    > to verify the identity of a user connecting to a privileged
    > service. However it looks like the socket module doesn't implement
    > sendmsg/recvmsg wrappers, and I can't find another module that does
    > this either. Is there something I have missed?


    There is a patch for it attached to an RFE in the python bug tracker,
    I forget which one. Try searching for sendmsg or ancillary messages
    or SCM_RIGHTS in the tracker.
    Paul Rubin, May 30, 2008
    #2
    1. Advertising

  3. [ Kris Kennaway <> ]

    > I want to make use of UNIX credential passing on a local domain socket
    > to verify the identity of a user connecting to a privileged service.
    > However it looks like the socket module doesn't implement
    > sendmsg/recvmsg wrappers, and I can't find another module that does this
    > either. Is there something I have missed?


    http://pyside.blogspot.com/2007/07/unix-socket-credentials-with-python.html

    Illustrates, how to use socket credentials without sendmsg/recvmsg and so
    without any need for patching.


    --
    Freedom is always the freedom of dissenters.
    (Rosa Luxemburg)
    Sebastian 'lunar' Wiesner, May 30, 2008
    #3
  4. Sebastian 'lunar' Wiesner wrote:
    > [ Kris Kennaway <> ]
    >
    >> I want to make use of UNIX credential passing on a local domain socket
    >> to verify the identity of a user connecting to a privileged service.
    >> However it looks like the socket module doesn't implement
    >> sendmsg/recvmsg wrappers, and I can't find another module that does this
    >> either. Is there something I have missed?

    >
    > http://pyside.blogspot.com/2007/07/unix-socket-credentials-with-python.html
    >
    > Illustrates, how to use socket credentials without sendmsg/recvmsg and so
    > without any need for patching.
    >
    >


    Thanks to both you and Paul for your suggestions. For the record, the
    URL above is linux-specific, but it put me on the right track. Here is
    an equivalent FreeBSD implementation:

    def getpeereid(sock):
    """ Get peer credentials on a UNIX domain socket.

    Returns a nested tuple: (uid, (gids)) """

    LOCAL_PEERCRED = 0x001
    NGROUPS = 16

    #struct xucred {
    # u_int cr_version; /* structure layout version */
    # uid_t cr_uid; /* effective user id */
    # short cr_ngroups; /* number of groups */
    # gid_t cr_groups[NGROUPS]; /* groups */
    # void *_cr_unused1; /* compatibility with old ucred */
    #};

    xucred_fmt = '2ih16iP'
    res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
    LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))

    # Check this is the above version of the structure
    if res[0] != 0:
    raise OSError

    return (res[1], res[3:3+res[2]])


    Kris
    Kris Kennaway, May 31, 2008
    #4
  5. [ Kris Kennaway <> ]

    > Sebastian 'lunar' Wiesner wrote:
    >>
    >> Illustrates, how to use socket credentials without sendmsg/recvmsg and so
    >> without any need for patching.
    >>

    > Thanks to both you and Paul for your suggestions. For the record, the
    > URL above is linux-specific,


    D'oh, sorry, I didn't know this ... I'm not a unix expert, I just remembered
    that article when reading your question ;)


    --
    Freedom is always the freedom of dissenters.
    (Rosa Luxemburg)
    Sebastian 'lunar' Wiesner, May 31, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Dopierala Jr.

    Re: How to get Windows logon user credential?

    Ken Dopierala Jr., Aug 28, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    4,404
    cindy liu
    Aug 28, 2003
  2. Martin
    Replies:
    3
    Views:
    761
    Hermit Dave
    Jan 10, 2004
  3. Steve Drake
    Replies:
    1
    Views:
    523
    bruce barker
    Feb 13, 2004
  4. Steve Drake

    Passing Credential to SOAP via a .NET remoted object

    Steve Drake, Feb 13, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    139
    bruce barker
    Feb 13, 2004
  5. Steve Drake

    Passing Credential to SOAP via a .NET remoted object

    Steve Drake, Feb 13, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    114
    bruce barker
    Feb 13, 2004
Loading...

Share This Page