Identify program that connects to a Unix Domain Socket

Question

I have a program that is listening to a Unix Domain Socket.

When a client connects to the socket I'd like to find out which program connected and then decide if I allow the connection or not (based on the user/group settings).

Is this possible under Linux, and if so, how?

Recommended answer

Yes, this is possible on Linux, but it won't be very portable. It's achieved using what is called "ancillary data" with sendmsg / recvmsg.

  • Use SO_PASSCRED with setsockopt
  • Use SCM_CREDENTIALS and the struct ucred structure

This structure is defined in Linux:

struct ucred {
    pid_t pid;    /* process ID of the sending process */
    uid_t uid;    /* user ID of the sending process */
    gid_t gid;    /* group ID of the sending process */
};

Note you have to fill these in your msghdr.control, and the kernel will check if they're correct.

The main portability hindrance is that this structure differs on other Unixes - for example on FreeBSD it's:

struct cmsgcred {
    pid_t   cmcred_pid;          /* PID of sending process */
    uid_t   cmcred_uid;          /* real UID of sending process */
    uid_t   cmcred_euid;         /* effective UID of sending process */
    gid_t   cmcred_gid;          /* real GID of sending process */
    short   cmcred_ngroups;      /* number of groups */
    gid_t   cmcred_groups[CMGROUP_MAX];     /* groups */
};
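
An added example, not part of the original answer: a Linux receiver that enables SO_PASSCRED, reads the SCM_CREDENTIALS control message with recvmsg, and applies a uid/gid check before trusting the peer. The function names, the `peer_allowed` policy and the socketpair demo are assumptions for illustration; the sender here attaches no ancillary data, so the kernel supplies its pid and real uid/gid, and SO_PASSCRED is set on the receiving end before anything is sent.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc exposes struct ucred and SCM_CREDENTIALS under this */
#endif
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SCM_CREDENTIALS   /* fallback: headers were included before _GNU_SOURCE was set */
#define SCM_CREDENTIALS 0x02
struct ucred { pid_t pid; uid_t uid; gid_t gid; };
#endif

/* Receive one message; copy the sender credentials the kernel attached to *out (0 = ok). */
static int recv_peer_cred(int fd, struct ucred *out) {
    char data[64];
    union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } ctl;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(fd, &msg, 0) <= 0 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return 0;
        }
    return -1;       /* no credentials attached: treat as deny */
}

/* Hypothetical policy: accept the peer if its uid or its gid is the allowed one. */
static int peer_allowed(const struct ucred *c, uid_t uid, gid_t gid) {
    return c->uid == uid || c->gid == gid;
}

/* Demo on a socketpair: 1 = peer allowed, 0 = denied, -1 = error. */
static int demo_check(uid_t allowed_uid, gid_t allowed_gid, struct ucred *seen) {
    int sv[2], on = 1, rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (setsockopt(sv[0], SOL_SOCKET, SO_PASSCRED, &on, sizeof on) == 0 &&
        write(sv[1], "x", 1) == 1 && recv_peer_cred(sv[0], seen) == 0)
        rc = peer_allowed(seen, allowed_uid, allowed_gid);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) {
    struct ucred c;
    return demo_check(getuid(), getgid(), &c) == 1 ? 0 : 1;
}
```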
