UNIX credential passing

 
 
Kris Kennaway
 
      05-29-2008
I want to make use of UNIX credential passing on a local domain socket
to verify the identity of a user connecting to a privileged service.
However it looks like the socket module doesn't implement
sendmsg/recvmsg wrappers, and I can't find another module that does this
either. Is there something I have missed?

Kris
 
 
Paul Rubin
 
      05-30-2008
Kris Kennaway writes:
> I want to make use of UNIX credential passing on a local domain socket
> to verify the identity of a user connecting to a privileged
> service. However it looks like the socket module doesn't implement
> sendmsg/recvmsg wrappers, and I can't find another module that does
> this either. Is there something I have missed?


There is a patch for it attached to an RFE in the python bug tracker,
I forget which one. Try searching for sendmsg or ancillary messages
or SCM_RIGHTS in the tracker.
 
 
Sebastian 'lunar' Wiesner
 
      05-30-2008
[ Kris Kennaway ]

> I want to make use of UNIX credential passing on a local domain socket
> to verify the identity of a user connecting to a privileged service.
> However it looks like the socket module doesn't implement
> sendmsg/recvmsg wrappers, and I can't find another module that does this
> either. Is there something I have missed?


http://pyside.blogspot.com/2007/07/u...th-python.html

Illustrates how to use socket credentials without sendmsg/recvmsg, and so
without any need for patching.


--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
 
Kris Kennaway
 
      05-30-2008
Sebastian 'lunar' Wiesner wrote:
> [ Kris Kennaway ]
>
>> I want to make use of UNIX credential passing on a local domain socket
>> to verify the identity of a user connecting to a privileged service.
>> However it looks like the socket module doesn't implement
>> sendmsg/recvmsg wrappers, and I can't find another module that does this
>> either. Is there something I have missed?

>
> http://pyside.blogspot.com/2007/07/u...th-python.html
>
> Illustrates how to use socket credentials without sendmsg/recvmsg, and so
> without any need for patching.
>
>


Thanks to both you and Paul for your suggestions. For the record, the
URL above is Linux-specific, but it put me on the right track. Here is
an equivalent FreeBSD implementation:

import struct

def getpeereid(sock):
    """ Get peer credentials on a UNIX domain socket.

    Returns a nested tuple: (uid, (gids)) """

    LOCAL_PEERCRED = 0x001
    NGROUPS = 16

    #struct xucred {
    #    u_int   cr_version;          /* structure layout version */
    #    uid_t   cr_uid;              /* effective user id */
    #    short   cr_ngroups;          /* number of groups */
    #    gid_t   cr_groups[NGROUPS];  /* groups */
    #    void    *_cr_unused1;        /* compatibility with old ucred */
    #};

    # u_int, uid_t and gid_t are unsigned, hence 'I' rather than 'i'
    xucred_fmt = '2Ih16IP'
    # Option level 0 is SOL_LOCAL on FreeBSD
    res = tuple(struct.unpack(xucred_fmt, sock.getsockopt(0,
        LOCAL_PEERCRED, struct.calcsize(xucred_fmt))))

    # Check this is the above version of the structure
    if res[0] != 0:
        raise OSError

    return (res[1], res[3:3+res[2]])


Kris
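
For comparison with the FreeBSD code above, an added example (not written by any poster in this thread): the Linux counterpart using SO_PEERCRED, wrapped in the fail-closed uid allow-list check a privileged service would apply to an accepted connection. The function names, the allow-list and the socketpair demo are assumptions made for illustration.

```python
import os
import socket
import struct

# Linux: struct ucred { pid_t pid; uid_t uid; gid_t gid; }
UCRED_FMT = "iII"


def peer_credentials(sock):
    """Return (pid, euid, egid) the kernel recorded for the peer at connect()."""
    if sock.family != socket.AF_UNIX:
        raise ValueError("peer credentials exist only on AF_UNIX sockets")
    size = struct.calcsize(UCRED_FMT)
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    if len(raw) != size:
        raise OSError("unexpected ucred size from kernel")
    return struct.unpack(UCRED_FMT, raw)


def authorize(sock, allowed_uids):
    """Return the peer uid if it is in allowed_uids; otherwise fail closed."""
    try:
        pid, uid, _gid = peer_credentials(sock)
    except (OSError, ValueError, AttributeError) as exc:
        # No verifiable identity (wrong socket type, unsupported OS): deny.
        raise PermissionError("cannot establish peer identity") from exc
    # pid is for logging only: it may be reused once the peer exits.
    if uid not in allowed_uids:
        raise PermissionError("uid %d (pid %d) is not allowed" % (uid, pid))
    return uid


def demo():
    """Constructed demo: a socketpair stands in for an accepted connection."""
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server_end, client_end:
        me = os.geteuid()
        granted = authorize(server_end, {me})
        try:
            authorize(server_end, {me + 1})  # allow-list without our uid
            denied = False
        except PermissionError:
            denied = True
    return granted == me, denied


if __name__ == "__main__":
    print(demo())
```

The credentials are those the peer held when it connected, so a client that later drops privileges is still reported with its original uid.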
 
Sebastian 'lunar' Wiesner
 
      05-31-2008
[ Kris Kennaway ]

> Sebastian 'lunar' Wiesner wrote:
>>
>> Illustrates how to use socket credentials without sendmsg/recvmsg, and so
>> without any need for patching.
>>

> Thanks to both you and Paul for your suggestions. For the record, the
> URL above is Linux-specific,


D'oh, sorry, I didn't know this ... I'm not a unix expert, I just remembered
that article when reading your question


--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
 