Identify program that connects to a Unix Domain Socket
Problem description
I have a program that is listening to a Unix Domain Socket.
When a client connects to the socket I'd like to find out which program connected and then decide if I allow the connection or not (based on the user/group settings).
Is this possible under Linux, and if so, how?
Recommended answer
Yes, this is possible on Linux, but it won't be very portable. It's achieved using what is called "ancillary data" with sendmsg / recvmsg.
- Use SO_PASSCRED with setsockopt
- Use SCM_CREDENTIALS and the struct ucred structure
This structure is defined in Linux:
struct ucred {
    pid_t pid;    /* process ID of the sending process */
    uid_t uid;    /* user ID of the sending process */
    gid_t gid;    /* group ID of the sending process */
};
Note you have to fill these in your msghdr.control, and the kernel will check if they're correct.
The main portability hindrance is that this structure differs on other Unixes - for example on FreeBSD it's:
struct cmsgcred {
    pid_t cmcred_pid;                  /* PID of sending process */
    uid_t cmcred_uid;                  /* real UID of sending process */
    uid_t cmcred_euid;                 /* effective UID of sending process */
    gid_t cmcred_gid;                  /* real GID of sending process */
    short cmcred_ngroups;              /* number of groups */
    gid_t cmcred_groups[CMGROUP_MAX];  /* groups */
};