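Is there a way for a UNIX domain socket listener to accept connections only from a certain user (chmod/chown does not work for abstract sockets, afaik), or in other words, to get the uid of the incoming connection (on Linux)?

Dbus, which uses an abstract unix socket on Linux, has a function GetConnectionUnixUser, which polkit uses to determine the caller. So I suppose dbus-daemon must have a way to do that. Does anyone know how that works?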

The easiest way to check peer credentials is with SO_PEERCRED http://man7.org/linux/man-pages/man7/socket.7.html.
To do this for a socket sock:
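
    #define _GNU_SOURCE        /* exposes struct ucred in <sys/socket.h> */
    #include <stdio.h>
    #include <sys/socket.h>

    socklen_t len;             /* getsockopt() takes a socklen_t *, not an int * */
    struct ucred ucred;

    len = sizeof(struct ucred);
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) {
        // check errno; ucred is not filled in on failure
    } else {
        printf("Credentials from SO_PEERCRED: pid=%ld, euid=%ld, egid=%ld\n",
               (long) ucred.pid, (long) ucred.uid, (long) ucred.gid);
    }
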
SO_PEERCRED
Return the credentials of the foreign process connected to
this socket. This is possible only for connected AF_UNIX
stream sockets and AF_UNIX stream and datagram socket pairs
created using socketpair(2); see unix(7). The returned
credentials are those that were in effect at the time of the
call to connect(2) or socketpair(2). The argument is a ucred
structure; define the _GNU_SOURCE feature test macro to obtain
the definition of that structure from <sys/socket.h>. This
socket option is read-only.

From a tlpi http://man7.org/tlpi/ example http://man7.org/tlpi/code/online/dist/sockets/scm_cred_recv.c.html. PostgreSQL http://doxygen.postgresql.org/getpeereid_8c_source.html has a few variants for other unices.
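
An added example, not part of the original answer, that goes one step beyond the fragment above: a listener on an abstract-namespace socket that checks each accepted connection's uid with SO_PEERCRED. The helper names (abstract_addr, peer_uid_is, demo_accept_check) and the socket name "peercred-demo" are assumptions made for illustration, and the code is Linux-only.

```c
#define _GNU_SOURCE           /* exposes struct ucred in <sys/socket.h> */
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Fill addr with an abstract-namespace name (leading NUL byte); return its length. */
static socklen_t abstract_addr(struct sockaddr_un *addr, const char *name)
{
    size_t n = strlen(name);
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    if (n > sizeof(addr->sun_path) - 1) n = sizeof(addr->sun_path) - 1;
    memcpy(addr->sun_path + 1, name, n);      /* sun_path[0] stays '\0' */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

/* 1 if the peer's uid at connect(2) time equals `allowed`, 0 if not, -1 on error. */
int peer_uid_is(int fd, uid_t allowed)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) == -1)
        return -1;                            /* fail closed: treat errors as "not allowed" */
    return cred.uid == allowed;
}

/* Self-contained demo: listen on an abstract socket, connect from this same
 * process, and check the accepted connection against `allowed`. */
int demo_accept_check(const char *name, uid_t allowed)
{
    struct sockaddr_un addr;
    socklen_t alen = abstract_addr(&addr, name);
    int result = -1, conn = -1;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd != -1 && cfd != -1 &&
        bind(lfd, (struct sockaddr *)&addr, alen) == 0 && listen(lfd, 1) == 0 &&
        connect(cfd, (struct sockaddr *)&addr, alen) == 0 &&
        (conn = accept(lfd, NULL, NULL)) != -1)
        result = peer_uid_is(conn, allowed);  /* a real server closes conn unless this is 1 */
    if (conn != -1) close(conn);
    if (cfd != -1) close(cfd);
    if (lfd != -1) close(lfd);
    return result;
}

int main(void)
{
    return demo_accept_check("peercred-demo", geteuid()) == 1 ? 0 : 1;
}
```

The check belongs immediately after accept(2) and before any data from the peer is read or acted on; anything other than a return value of 1 should close the connection.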