x/sys/unix: Enable pid lookup of unix socket peer for darwin

[APTy]

Package syscall on linux currently has behavior to look up a Ucred object, which contains the PID of the remote end of a Unix socket using getsockopt + SO_PEERCRED.

This feature request seeks to add similar behavior for darwin (and perhaps BSD). This can be done using getsockopt + LOCAL_PEERPID. Note that we can't use LOCAL_PEERCRED, as the behavior isn't identical to linux: we get a xucred struct, which doesn't contain a pid.

Open question: linux's type syscall.Ucred exposes UID, GID, and PID. These are all useful, however an exact darwin analog doesn't exist. Options:

1. Conform to the linux golang API

• Add a custom golang type syscall.Ucred type for darwin that contains UID, GID, and PID.
• Add func syscall.GetsockoptUcred(...) (syscall.Ucred, error) for darwin that abstracts two getsockopt system calls: (1) LOCAL_PEERPID for the pid, and (2) LOCAL_PEERCRED for the user and group

or

2. Conform to the darwin C API

• Expose darwin's xucred struct that contains UID and GID (type syscall.Xucred)
• Add func syscall.GetsockoptXucred(...) (syscall.Xucred, error) to look up UID and GID
• Add func syscall.GetsockoptPID(...) (int, error) to look up PID

[gopherbot]

Change https://golang.org/cl/134535 mentions this issue: syscall/darwin: Enable pid lookup of unix socket peer

[APTy]

After looking more at the x/sys package (didn't realize syscall was frozen), it looks like this is partially possible today:

const (
    _syscall_SOL_LOCAL     = 0
    _syscall_LOCAL_PEERPID = 2
)

pid, _ := unix.GetsockoptInt(fd, _syscall_SOL_LOCAL, _syscall_LOCAL_PEERPID)

would still be nice to figure out the symmetry with respect to its linux counterpart, or get those constants defined otherwise :)

[tklauser]

Given that x/sys/unix is just a thin wrapper around the OSes syscalls, I'd prefer option 2 (conforming to the Darwin xucred type and add unix.GetsockoptXucred.

Also, I don't think we need a specific unix.GetsockoptPID as it would just duplicate unix.GetsockoptInt or am I missing something?

/cc @ianlancetaylor @bradfitz

[tklauser]

Given that x/sys/unix is just a thin wrapper around the OSes syscalls, I'd prefer option 2 (conforming to the Darwin xucred type and add unix.GetsockoptXucred.

But then again, we also conform to the Linux specific API on Darwin/BSD e.g. for xattrs, so we might add unix.GetsockoptUcred in addition if there's a need for it.

[APTy]

Also, I don't think we need a specific unix.GetsockoptPID as it would just duplicate unix.GetsockoptInt or am I missing something?

Definitely agree, we can stick with just unix.GetsockoptInt

[wsc1]

Also, I don't think we need a specific unix.GetsockoptPID as it would just duplicate unix.GetsockoptInt or am I missing something?

Definitely agree, we can stick with just unix.GetsockoptInt

Me too, however perhaps also with documentation that it duplicates GetsockoptPID.

[bradfitz]

@tklauser, I just noticed you asked me a question 2.5 years ago, sorry.

But to answer your question, I just went and added unix.GetsockoptXucred in my local tree as a test because I needed it myself. Then I found this bug and your question.

So, yes, (2) sounds fine.

That https://golang.org/cl/134535 looks like it's much of the way there, but stopped short of finishing it when they were asked to re-send it to a different repo.

I don't think we need unix.GetsockoptPID if we export some new consts instead.

Then I plan to write a high-level portable package around the different ways OSes get this peercred info.

[gopherbot]

Change https://golang.org/cl/292330 mentions this issue: unix: add Xucred, GetsockoptXucred on darwin

[bradfitz]

I've published a high-level package that does both the Linux thing and the Darwin thing: inet.af/peercred. I'll be moving my Windows code to it too (that does localhost TCP mapping)