peercred

package module

v0.0.0-...-6d43623 Latest Latest Go to latest Published: Sep 28, 2020 License: MIT Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/joeshaw/peercred

Links

Open Source Insights

README ¶

peercred

peercred is a Go package that wraps usage of the Linux SO_PEERCRED socket option on Unix domain sockets.

From the unix(7) man page:

   SO_PEERCRED
          This read-only socket option returns the credentials of the
          peer process connected to this socket.  The returned creden‐
          tials are those that were in effect at the time of the call to
          connect(2) or socketpair(2).

          The argument to getsockopt(2) is a pointer to a ucred struc‐
          ture; define the _GNU_SOURCE feature test macro to obtain the
          definition of that structure from <sys/socket.h>.

          The use of this option is possible only for connected AF_UNIX
          stream sockets and for AF_UNIX stream and datagram socket
          pairs created using socketpair(2).

On Linux systems, the raw functionality is provided through the built-in syscall package and the golang.org/x/sys/unix package. These packages, however, are not stable across operating systems and the usage of socket options is pretty low level. This package encapsulates the functionality and returns errors on unsupported operating systems through an easy Read function.

The returned value provides the process ID, user ID, and group ID of the process on the other side of the Unix domain socket. These values are populated by the Linux kernel and cannot be spoofed. (However, these values are set at the time of socket creation and will not take into account privileges dropped afterward.)

Usage


conn, err := net.Dial("unix", "/var/run/somesocket")
if err != nil {
    log.Fatal(err)
}

cred, err := peercred.Read(conn.(*net.UnixConn))
if err != nil {
    log.Fatal(err)
}

fmt.Printf("%+v\n", cred)
// => &{PID:2002 UID:1000 GID:1000}

License

peercred is licensed under the MIT license. See the LICENSE file for details.

Documentation ¶

Rendered for

Overview ¶

Package peercred is an easy to use wrapper around the Linux SO_PEERCRED socket option on Unix domain sockets. It degrades gracefully with an unsupported error on other operating systems.

Index ¶

type Cred
- func Read(conn *net.UnixConn) (*Cred, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Cred ¶

type Cred struct {
	PID int32
	UID uint32
	GID uint32
}

Cred is the structure containing peer credentials. Linux passes the process ID (pid), user ID (uid), and group ID (gid) from the other side of the connection.

This structure mimics the ucred structure from the <linux/socket.h> file.

These values are populated at socket creation time, and will not reflect privileges dropped after the creation of the socket.

func Read ¶

func Read(conn *net.UnixConn) (*Cred, error)

Read returns peer credentials using the SO_PEERCRED socket option on Unix domain sockets.

On unsupported operating systems it returns an error.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL