Re: UNIX credential passing
- From: Kris Kennaway <kris@xxxxxxxxxxx>
- Date: Sat, 31 May 2008 01:04:50 +0200
Sebastian 'lunar' Wiesner wrote:
[ Kris Kennaway <kris@xxxxxxxxxxx> ]
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?
http://pyside.blogspot.com/2007/07/unix-socket-credentials-with-python.html
Illustrates, how to use socket credentials without sendmsg/recvmsg and so
without any need for patching.
Thanks to both you and Paul for your suggestions. For the record, the URL above is linux-specific, but it put me on the right track. Here is an equivalent FreeBSD implementation:
def getpeereid(sock):
""" Get peer credentials on a UNIX domain socket.
Returns a nested tuple: (uid, (gids)) """
LOCAL_PEERCRED = 0x001
NGROUPS = 16
#struct xucred {
# u_int cr_version; /* structure layout version */
# uid_t cr_uid; /* effective user id */
# short cr_ngroups; /* number of groups */
# gid_t cr_groups[NGROUPS]; /* groups */
# void *_cr_unused1; /* compatibility with old ucred */
#};
xucred_fmt = '2ih16iP'
res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0, LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))
# Check this is the above version of the structure
if res[0] != 0:
raise OSError
return (res[1], res[3:3+res[2]])
Kris
.
- Follow-Ups:
- Re: UNIX credential passing
- From: Sebastian 'lunar' Wiesner
- Re: UNIX credential passing
- References:
- UNIX credential passing
- From: Kris Kennaway
- Re: UNIX credential passing
- From: Sebastian 'lunar' Wiesner
- UNIX credential passing
- Prev by Date: Re: accumulator generators
- Next by Date: Re: How to covert ASCII to integer in Python?
- Previous by thread: Re: UNIX credential passing
- Next by thread: Re: UNIX credential passing
- Index(es):
Relevant Pages
|
