x/sys/unix: UnixCredentials etc. missing on FreeBSD #51711

Open
guelfey opened this issue Mar 16, 2022 · 5 comments
Labels
NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.

@guelfey
Contributor

guelfey commented Mar 16, 2022

On Linux, the definitions to pass Unix credentials over sockets via SCM_CREDENTIALS like Ucred are exposed and there are helper functions like UnixCredentials to convert between raw and structured representations. FreeBSD has a similar capability via SCM_CREDS (see its unix manpage), which is not part of x/sys right now. This is not POSIX-standardized as far as I can tell.

At the minimum, we could include struct cmsgcred as part of the Go types (I'm happy to contribute here). Ideally we'd also add matching FreeBSD-implementations for UnixCredentials and ParseUnixCredentials, though signature and semantics would be slightly different (on FreeBSD, it's recommended to pass a zeroed buffer since the kernel apparently fills the fields, while on Linux the sender can explicitly set the fields as long as it has appropriate privileges).

gopherbot added this to the Unreleased milestone Mar 16, 2022
heschi added the NeedsInvestigation and NeedsDecision labels Mar 16, 2022
@heschi
Contributor

heschi commented Mar 16, 2022

cc @golang/runtime

seankhliao changed the title from "x/sys: UnixCredentials etc. missing on FreeBSD" to "x/sys/unix: UnixCredentials etc. missing on FreeBSD" Mar 16, 2022
gopherbot removed the NeedsInvestigation label Mar 16, 2022
@ianlancetaylor
Contributor

Can you write down what the API would look like on FreeBSD? Thanks.

@guelfey
Contributor Author

guelfey commented Mar 17, 2022

Something like:

```go
// generated by godefs, example for amd64
type Cmsgcred struct {
	Pid     int32
	Uid     uint32
	Euid    uint32
	Gid     uint32
	Ngroups int16
	Groups  [16]uint32
}

const SizeofCmsgcred = // ...

func ParseUnixCredentials(scm *SocketControlMessage) (*Cmsgcred, error)
```

Typing it out now, I'd actually omit an equivalent of UnixCredentials. Since the user can't give explicit credentials and is supposed to just pass a zero buffer, it would just amount to `make([]byte, SizeofCmsgcred)`, which probably isn't worth its own function.

@ianlancetaylor
Contributor

Can we use the name Ucred rather than Cmsgcred so that we have the same API on FreeBSD and Linux? Or would that be bad for some reason?

And if we do that it might be worth having UnixCredentials even if it doesn't do anything interesting. Then presumably the same code would work on FreeBSD and Linux which seems desirable if it is possible.

@guelfey
Contributor Author

guelfey commented Mar 19, 2022

It might be slightly misleading since on FreeBSD, the ucred name is used for a different struct (https://www.freebsd.org/cgi/man.cgi?query=ucred), though it's only for kernel-internal use. But I agree that having the same API is probably the best here; for the common case of only caring about Uid, Pid and Gid, the application code could be identical then for FreeBSD and Linux.
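
An added sketch, not code from x/sys/unix or from any commenter in this thread: a portable decoder for the data bytes of one SCM_CREDS control message, using the amd64 field layout of the Cmsgcred sketch above, with the bounds checks a receiver needs before trusting the buffer. The names `Cred`, `parseCmsgcred` and `sampleCmsgcred`, little-endian byte order, and the 2 bytes of padding after Ngroups are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Assumed amd64 layout: four 32-bit ids, int16 Ngroups, 2 pad bytes, 16 gids.
const maxGroups = 16
const sizeofCmsgcred = 4*4 + 2 + 2 + 4*maxGroups

// Cred is a hypothetical result type for this example, not an x/sys/unix type.
type Cred struct {
	Pid            int32
	Uid, Euid, Gid uint32
	Groups         []uint32
}

// parseCmsgcred decodes the data bytes of one SCM_CREDS control message and
// rejects short buffers and group counts that do not fit the fixed array.
func parseCmsgcred(data []byte) (*Cred, error) {
	if len(data) < sizeofCmsgcred {
		return nil, fmt.Errorf("cmsgcred: short data (%d bytes)", len(data))
	}
	le := binary.LittleEndian
	n := int(int16(le.Uint16(data[16:])))
	if n < 0 || n > maxGroups {
		return nil, fmt.Errorf("cmsgcred: ngroups %d out of range", n)
	}
	c := &Cred{Pid: int32(le.Uint32(data)), Uid: le.Uint32(data[4:]),
		Euid: le.Uint32(data[8:]), Gid: le.Uint32(data[12:])}
	for i := 0; i < n; i++ {
		c.Groups = append(c.Groups, le.Uint32(data[20+4*i:]))
	}
	return c, nil
}

// sampleCmsgcred builds a constructed buffer; the count written as a 32-bit
// little-endian value at offset 16 also zeroes the two padding bytes.
func sampleCmsgcred(pid, uid, euid, gid uint32, groups ...uint32) []byte {
	b := make([]byte, sizeofCmsgcred)
	for i, v := range []uint32{pid, uid, euid, gid, uint32(len(groups))} {
		binary.LittleEndian.PutUint32(b[4*i:], v)
	}
	for i, g := range groups {
		binary.LittleEndian.PutUint32(b[20+4*i:], g)
	}
	return b
}

func main() { fmt.Println(parseCmsgcred(sampleCmsgcred(4242, 1001, 1001, 1001, 1001, 20))) }
```

A receiver that only needs Pid, Uid and Gid can copy those three fields into a Linux-shaped struct, which is the shared-API case discussed above.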
