How to find out who is connecting to my daemon

Published: Wed, 07 May 2008 09:19:00 GMT

Hi group,

Background:

I'm trying to write a server daemon process which is to serve local
requests. It listens on a unix local socket and accepts connections from
local clients only. The daemon implements common fork-on-accept technique.

Issue:

I want the forked child to downgrade its real and effective user and
group to those of the connecting process.

Let's say, server daemon is started as root process (it has to), then
a user "igusarov" runs a client program which connects to the server
socket. The forked server child process doesn't have to run as root,
therefore it's better to switch it to the uid/gid of the user whose
request is being served - in this case, "igusarov".

The question:

Upon accepting a connection, how does the server determine which
process (or which user) has just connected to it? I want to find it out
automatically, without asking the user to identify himself and authorize.

I realize it's impossible for network connections, but with local
processes it should be possible - the kernel knows which process has
made a connection request, therefore the kernel can somehow communicate
this information to the server process. I just didn't find out how can a
server get this info. Anyone can help me or point me to the right place
to read?

Thanks,
Igor

All Comments

  • 2 Comments
    • "Igor A. Goussarov" <igusarov.unix-linux.todaysummary.com.mail.ru> writes:

      > Hi group,

      > Background:

      > I'm trying to write a server daemon process which is to serve
      > local requests. It listens on a unix local socket and accepts
      > connections from local clients only. The daemon implements common
      > fork-on-accept technique.

      > Issue:

      > I want the forked child to downgrade its real and effective user
      > and group to those of the connecting process.

      > Let's say, server daemon is started as root process (it has to),
      > then a user "igusarov" runs a client program which connects to the
      > server socket. The forked server child process doesn't have to run as
      > root, therefore it's better to switch it to the uid/gid of the user
      > whose request is being served - in this case, "igusarov".

      > The question:

      > Upon accepting a connection, how does the server determine which
      > process (or which user) has just connected to it? I want to find it
      > out automatically, without asking the user to identify himself and
      > authorize.

      > I realize it's impossible for network connections, but with local
      > processes it should be possible - the kernel knows which process has
      > made a connection request, therefore the kernel can somehow
      > communicate this information to the server process. I just didn't find
      > out how can a server get this info. Anyone can help me or point me to
      > the right place to read?

      Use the ident protocol.

      Over the network, it's not impossible, but it's unsafe.
      You'd better use cryptographic authentication. Have a look at OpenSSL and
      OpenSSH.

      __Pascal Bourguignon__ http://www.informatimago.com/
      "This machine is a piece of GAGH! I need dual Opteron 850
      processors if I am to do battle with this code!"

      #1; Wed, 07 May 2008 09:20:00 GMT
    • Igor A. Goussarov wrote:

      > Hi group,

      > Background:

      > I'm trying to write a server daemon process which is to serve local
      > requests. It listens on a unix local socket and accepts connections from
      > local clients only. The daemon implements common fork-on-accept technique.

      > Issue:

      > I want the forked child to downgrade its real and effective user and
      > group to those of the connecting process.

      > Let's say, server daemon is started as root process (it has to), then
      > a user "igusarov" runs a client program which connects to the server
      > socket. The forked server child process doesn't have to run as root,
      > therefore it's better to switch it to the uid/gid of the user whose
      > request is being served - in this case, "igusarov".

      > The question:

      > Upon accepting a connection, how does the server determine which
      > process (or which user) has just connected to it? I want to find it out
      > automatically, without asking the user to identify himself and authorize.

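      /* Linux; needs <stdio.h> and <sys/socket.h>, with _GNU_SOURCE defined
         for struct ucred. fd is the socket returned by accept(). */
      struct ucred cr;
      socklen_t cl = sizeof(cr);   /* getsockopt() expects socklen_t, not int */
      if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) {
          printf("Peer's pid=%ld, uid=%ld, gid=%ld\n",
                 (long)cr.pid, (long)cr.uid, (long)cr.gid);
      }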

      #2; Wed, 07 May 2008 09:21:00 GMT