如何通过Mac OS X上的Unix域套接字传递用户凭据? [英] How can I pass user credentials through a Unix-domain socket on Mac OS X?
问题描述
在许多操作系统下,Unix域套接字允许进程将其凭据可靠地传递给另一个进程,而这种方式不能被恶意颠覆.例如,在Linux上通过 SO_PASSCRED和SO_PEERCRED选项在FreeBSD上完成通过设置LOCAL_CREDS选项.但是,我还没有找到在Mac OS X下执行此操作的方法.相应的标头(socket.h)似乎已禁用了Apple的构建功能.
Under many operating systems Unix-domain sockets allow a process to reliably pass its credentials to another process in a way that can't be maliciously subverted. For instance, this is done on Linux through the SO_PASSCRED and SO_PEERCRED options, on FreeBSD by passing messages that include the cmsgcred structure, and on NetBSD by setting the LOCAL_CREDS option. However, I haven't been able to find a way to perform this operation under Mac OS X. The corresponding header (socket.h) seems to have the functionality disabled for Apple's build.
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#ifndef __APPLE__
// ...
struct cmsgcred {
有没有想到可以实现相同结果的另一个Mac OS X工具?
Any idea of another Mac OS X facility that can accomplish the same result?
推荐答案
我从未使用过它,但我认为您正在寻找LOCAL_PEERCRED. (请参见man unix)
I haven't ever worked with it, but I think you're looking for LOCAL_PEERCRED. ( see man unix)
您可以使用Mac OS X 10.4中引入的LOCAL_PEERCRED套接字选项,在套接字的另一端确认程序的身份.
这篇关于如何通过Mac OS X上的Unix域套接字传递用户凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
