"William E. Baxter" wrote:
> With getpeereid() the credentials are passed at connect() and do not
> require the client to send data. Therefore clients cannot consume
> connections anonymously.
In the patch:
+ error = copyout((caddr_t) &g, (caddr_t)(uap->egid), sizeof(gid_t));
+ return (error);
...
Passing only one gid is nearly useless. You should copy them all or not
at all. I would like to see real and effective uid's as well.
For what it's worth, we presently use SCM_CREDS in our RPC library to verify
identity. This is mainly for keyserv and rpc.yppasswdd.
The biggest problem with a "get the other side's credential" type operation
is that it is ambiguous in the case of forked or shared fd's. Also, what
about the case of changing uids? Do you give it the current uid or the uid
at time of connection? SCM_CREDS has the ability for the client to
authenticate at exactly the right time and without ambiguity.
> W.
>
> On Tue, Aug 08, 2000 at 09:35:28AM -0700, Alfred Perlstein wrote:
> >
> > I haven't used the credential passing feature of sendmsg(), but I
> > was wondering what advantages this has over being able to pass
> > kernel verified id's through a unix domain socket using SCM_CREDS.
> > My reading of UNP seems to indicate that it offers the same features.
> >
>
> > -Alfred Perlstein - [[EMAIL PROTECTED]|[EMAIL PROTECTED]]
> > "I have the heart of a child; I keep it in a jar on my desk."
> >
> >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe freebsd-hackers" in the body of the message
>
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>
Cheers,
-Peter
--
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
