|
| 1 | +//! Unix peer credentials. |
| 2 | +
|
| 3 | +// NOTE: Code in this file is heavily based on work done in PR 13 from the tokio-uds repository on |
| 4 | +// GitHub. |
| 5 | +// |
| 6 | +// For reference, the link is here: https://github.com/tokio-rs/tokio-uds/pull/13 |
| 7 | +// Credit to Martin Habovštiak (GitHub username Kixunil) and contributors for this work. |
| 8 | + |
| 9 | +use libc::{gid_t, pid_t, uid_t}; |
| 10 | + |
| 11 | +/// Credentials for a UNIX process for credentials passing. |
| 12 | +#[unstable(feature = "peer_credentials_unix_socket", issue = "42839", reason = "unstable")] |
| 13 | +#[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)] |
| 14 | +pub struct UCred { |
| 15 | + /// The UID part of the peer credential. This is the effective UID of the process at the domain |
| 16 | + /// socket's endpoint. |
| 17 | + pub uid: uid_t, |
| 18 | + /// The GID part of the peer credential. This is the effective GID of the process at the domain |
| 19 | + /// socket's endpoint. |
| 20 | + pub gid: gid_t, |
| 21 | + /// The PID part of the peer credential. This field is optional because the PID part of the |
| 22 | + /// peer credentials is not supported on every platform. On platforms where the mechanism to |
| 23 | + /// discover the PID exists, this field will be populated to the PID of the process at the |
| 24 | + /// domain socket's endpoint. Otherwise, it will be set to None. |
| 25 | + pub pid: Option<pid_t>, |
| 26 | +} |
| 27 | + |
| 28 | +#[cfg(any(target_os = "android", target_os = "linux"))] |
| 29 | +pub use self::impl_linux::peer_cred; |
| 30 | + |
| 31 | +#[cfg(any( |
| 32 | + target_os = "dragonfly", |
| 33 | + target_os = "freebsd", |
| 34 | + target_os = "ios", |
| 35 | + target_os = "macos", |
| 36 | + target_os = "openbsd" |
| 37 | +))] |
| 38 | +pub use self::impl_bsd::peer_cred; |
| 39 | + |
| 40 | +#[cfg(any(target_os = "linux", target_os = "android"))] |
| 41 | +pub mod impl_linux { |
| 42 | + use super::UCred; |
| 43 | + use crate::os::unix::io::AsRawFd; |
| 44 | + use crate::os::unix::net::UnixStream; |
| 45 | + use crate::{io, mem}; |
| 46 | + use libc::{c_void, getsockopt, socklen_t, ucred, SOL_SOCKET, SO_PEERCRED}; |
| 47 | + |
| 48 | + pub fn peer_cred(socket: &UnixStream) -> io::Result<UCred> { |
| 49 | + let ucred_size = mem::size_of::<ucred>(); |
| 50 | + |
| 51 | + // Trivial sanity checks. |
| 52 | + assert!(mem::size_of::<u32>() <= mem::size_of::<usize>()); |
| 53 | + assert!(ucred_size <= u32::MAX as usize); |
| 54 | + |
| 55 | + let mut ucred_size = ucred_size as socklen_t; |
| 56 | + let mut ucred: ucred = ucred { pid: 1, uid: 1, gid: 1 }; |
| 57 | + |
| 58 | + unsafe { |
| 59 | + let ret = getsockopt( |
| 60 | + socket.as_raw_fd(), |
| 61 | + SOL_SOCKET, |
| 62 | + SO_PEERCRED, |
| 63 | + &mut ucred as *mut ucred as *mut c_void, |
| 64 | + &mut ucred_size, |
| 65 | + ); |
| 66 | + |
| 67 | + if ret == 0 && ucred_size as usize == mem::size_of::<ucred>() { |
| 68 | + Ok(UCred { uid: ucred.uid, gid: ucred.gid, pid: Some(ucred.pid) }) |
| 69 | + } else { |
| 70 | + Err(io::Error::last_os_error()) |
| 71 | + } |
| 72 | + } |
| 73 | + } |
| 74 | +} |
| 75 | + |
| 76 | +#[cfg(any( |
| 77 | + target_os = "dragonfly", |
| 78 | + target_os = "macos", |
| 79 | + target_os = "ios", |
| 80 | + target_os = "freebsd", |
| 81 | + target_os = "openbsd" |
| 82 | +))] |
| 83 | +pub mod impl_bsd { |
| 84 | + use super::UCred; |
| 85 | + use crate::io; |
| 86 | + use crate::os::unix::io::AsRawFd; |
| 87 | + use crate::os::unix::net::UnixStream; |
| 88 | + |
| 89 | + pub fn peer_cred(socket: &UnixStream) -> io::Result<UCred> { |
| 90 | + let mut cred = UCred { uid: 1, gid: 1, pid: None }; |
| 91 | + unsafe { |
| 92 | + let ret = libc::getpeereid(socket.as_raw_fd(), &mut cred.uid, &mut cred.gid); |
| 93 | + |
| 94 | + if ret == 0 { Ok(cred) } else { Err(io::Error::last_os_error()) } |
| 95 | + } |
| 96 | + } |
| 97 | +} |
0 commit comments