-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Peer credentials on Unix socket #42839
Comments
Considering that newtypes for |
This seems like a reasonable addition. It looks like there are some extra platforms that require special handling though - Solaris and FreeBSD: https://doxygen.postgresql.org/getpeereid_8c_source.html |
The implementation in |
This isn't my area of expertise but I would be interested to see an API proposed for this in a PR. |
Hi guys. We're quite keen for something like this in the stdlib. The implementation in the Tokio repository looks good to me, and from a cursory glance it looks like the stdlib can be very similar. I'm happy to give this a crack -- should I submit an RFC first or is a normal code pull request OK? 😄 Cheers! 🙂 |
The PR which implements this issue is ready for review 🚀 |
Since the PR was merged should the labels (and perhaps also the title) be updated to tracking issue? |
I would agree with that! |
I noticed that #75148 doesn't include the PID on macOS/iOS, presumably because it uses |
Yeah, I don't see a reason to not do that. It'd be nice to document which platforms support it. |
Sounds good! I've opened #79387. And yeah, documentation for these across the different Unices can be difficult to find:
|
The The uds crate can be used to get peer credentials for blocking sockets on stable. |
I write which platforms |
With #69864 merged there are now two very similar types: UCred and SocketCred. Can these two types be combined into one? |
Potentially? Looking at the current code, the two currently perform slightly different functions: IMO, it makes sense to rename |
They don't, that's the reason there's |
I'm not sure if it's 100% of Unices, but I think almost all of them support some mechanism for getting the peer's PID. It's just not through For example, macOS doesn't have a PID in its |
Sure, I agree with renaming.
Yes, this is implemented. :)
A PR would be nice if you happen to have some experience with this. Shouldn't be big, most of the stuff is already there. |
I can definitely try! I have #79387 open for macOS right now, and I'll try to get some similar ones in the pipeline for the BSDs. |
…s, r=Amanieu ext/ucred: Support PID in peer creds on macOS This is a follow-up to rust-lang#75148 (RFC: rust-lang#42839). The original PR used `getpeereid` on macOS and the BSDs, since they don't (generally) support the `SO_PEERCRED` mechanism that Linux supplies. This PR splits the macOS/iOS implementation of `peer_cred()` from that of the BSDs, since macOS supplies the `LOCAL_PEERPID` sockopt as a source of the missing PID. It also adds a `cfg`-gated tests that ensures that platforms with support for PIDs in `UCred` have the expected data.
What is the current status of this feature |
Looks like there were at least no complaints about it apart from |
I'm happy to help with the stabilization here as well. @msolters: if you do an ACP for renaming |
…ngjubilee Make `std::os::unix::ucred` module private Tracking issue: rust-lang#42839 Currently, this unstable module exists: [`std::os::unix::ucred`](https://doc.rust-lang.org/stable/std/os/unix/ucred/index.html). All it does is provide `UCred` (which is also available from `std::os::unix::net`), `impl_*` (which is probably a mishap and should be private) and `peer_cred` (which is undocumented but has a documented counterpart at `std::os::unix::net::UnixStream::peer_cred`). This PR makes the entire `ucred` module private and moves it into `net`, because that's where it is used. I hope it's fine to simply remove it without a deprecation phase. Otherwise, I can add back a deprecated reexport module `std::os::unix::ucred`. `@rustbot` label: -T-libs +T-libs-api
Rollup merge of rust-lang#122147 - kadiwa4:private_impl_mods, r=workingjubilee Make `std::os::unix::ucred` module private Tracking issue: rust-lang#42839 Currently, this unstable module exists: [`std::os::unix::ucred`](https://doc.rust-lang.org/stable/std/os/unix/ucred/index.html). All it does is provide `UCred` (which is also available from `std::os::unix::net`), `impl_*` (which is probably a mishap and should be private) and `peer_cred` (which is undocumented but has a documented counterpart at `std::os::unix::net::UnixStream::peer_cred`). This PR makes the entire `ucred` module private and moves it into `net`, because that's where it is used. I hope it's fine to simply remove it without a deprecation phase. Otherwise, I can add back a deprecated reexport module `std::os::unix::ucred`. `@rustbot` label: -T-libs +T-libs-api
Awaiting stabilization in rust-lang/rust#42839
Is there any chance of this being stabilized anytime soon? I'm using this feature in a project, and I'd like to be able to back down to rust-stable. |
tokio-rs/tokio-uds#13 was recently merged, so I'd like to open an issue of adding same thing to stdlib. TL;DR It allows one to get effective UID and GID of the process which created the remote socket.
I suggest to test it with Tokio now and when there is consensus, we can merge similar change. I need this function, so I'm going to test it anyway.
The text was updated successfully, but these errors were encountered: